Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-749

CWE-749

Low likelihood

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749

CVE-2026-22812 HIGH

OpenCode <1.0.216 - Command Injection

CVE-2025-14713 HIGH

Synology C2 Identity Edge Server < 1.76.0-0307 - Exposed Dangerous Method or Function

CVE-2025-47366 HIGH

Qualcomm FastConnect and AR8035 Firmware - Cryptographic Issue in Trusted Zone

CVE-2025-9611 HIGH

Microsoft Playwright MCP Server <0.0.40 - SSRF

CVE-2025-68697 HIGH

n8n < 2.0.0 - Authenticated Arbitrary File Read and Write via Code Node Helper Functions

CVE-2025-14497 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14496 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14495 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14494 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14493 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14492 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14491 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14490 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14489 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-14488 HIGH

RealDefense SUPERAntiSpyware - Privilege Escalation

CVE-2025-59788 MEDIUM

Nextcloud < 32.0.1 - Cross-Site Scripting via Crafted PDF File

CVE-2025-64443 CRITICAL

docker/mcp-gateway < 0.28.0 - DNS Rebinding in SSE or Streaming Transport Mode

CVE-2025-47353 HIGH

Qualcomm Firmware - Memory Corruption via GVM Request Processing

CVE-2025-61907 MEDIUM

Icinga 2.4-2.15.0 - Authenticated Information Disclosure via Filter Expression

CVE-2025-59403 CRITICAL

Flock Safety Android Collins 6.35.31 - RCE & DoS via Exposed API

CVE-2025-34114 HIGH

OpenBlow - Client-Side Security Misconfiguration via Missing Critical HTTP Response Headers

CVE-2025-53964 CRITICAL

GoldenDict <1.5.2 - Info Disclosure

CVE-2025-37097 HIGH

HPE Insight Remote Support < 7.15.0.646 - Unauthenticated Denial of Service

CVE-2025-5823 MEDIUM

Autel MaxiCharger AC Wallbox Commercial - Info Disclosure

CVE-2025-5748 HIGH

WOLFBOX Level 2 EV Charger Firmware - Remote Code Execution via Tuya Communications Module

Previous Page 2 of 7 Next

Details

Vulnerabilities 167

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy