Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-749

CWE-749

Low likelihood

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749

CVE-2026-49993 MEDIUM

Nuxt Builders >=3.15.4,<3.21.7 and >=4.0.0,<4.4.7 - Source Code Disclosure

CVE-2026-45670 MEDIUM

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

CVE-2026-12060 MEDIUM

Hepta Platforms｜Heptabase - Exposed Dangerous

CVE-2026-7516 MEDIUM

Lenovo Application < 7.3.8 - Exposed Dangerous Method or Function

CVE-2026-47899 HIGH

Arbitrary File Read, Write, Rename, and Delete in Logseq

CVE-2026-44698 HIGH

Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

CVE-2026-44798 HIGH

Nautobot: GitRepository.current_head field should not be writable through REST API

CVE-2026-44836 MEDIUM

view_component: Preview Route Can Dispatch Inherited Helper Methods

CVE-2026-4051 HIGH

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

CVE-2026-33584 MEDIUM

Arqit SKA-Platform Enables Access to Debug Information

CVE-2026-33583 HIGH

Arqit SKA-Platform Vulnerable to Key Exposure

CVE-2026-8108 HIGH

Fuji Electric Tellus Exposed Dangerous Method or Function

CVE-2026-8109 MEDIUM

Ivanti Endpoint Manager < 2024 SU6 - Authenticated Credential Leak via Exposed Core Server Method

CVE-2026-6402 MEDIUM

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

CVE-2026-25266 MEDIUM

Exposed dangerous function in windows host

CVE-2026-5173 HIGH

Exposed Dangerous Method or Function in GitLab

CVE-2026-35488 HIGH

Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users

CVE-2026-2275 CRITICAL

CrewAI 1.0 - RCE via CodeInterpreter Sandbox Fallback

CVE-2026-3483 HIGH

Ivanti DSM <2026.1.1 - Privilege Escalation

CVE-2026-30957 CRITICAL

OneUptime <10.0.21 - Command Injection

CVE-2026-30921 CRITICAL

OneUptime < 10.0.20 - Synthetic Monitor Remote Code Execution

CVE-2026-30797 HIGH

RustDesk Client <=1.4.5 - Auth Bypass

CVE-2026-20423 HIGH

wlan STA driver - Privilege Escalation

CVE-2026-28400 HIGH

Docker Model Runner <1.0.16 - Command Injection

CVE-2026-22208 CRITICAL

OpenS100 < 753cf29 - Remote Code Execution via Unrestricted Lua Standard Library Access

Page 1 of 7 Next

Details

Vulnerabilities 167

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy