CWE-749— Exposed Dangerous Method or Function

154 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-749page 4 of 4

CVE-2026-5173HIGHCVSS 8.5EG 8.5
2026-04-08
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through we…
CVE-2026-6402MEDIUMCVSS 5.3EG 5.3
2026-05-12
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetc…
CVE-2026-8108HIGHCVSS 7.8EG 7.8
2026-05-12
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
CVE-2026-8109MEDIUMCVSS 6.5EG 6.5
2026-05-12
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.

Map vulnerabilities like CWE-749 to your infrastructure

EchelonGraph correlates every CVE — across CWE-749 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →