Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-749

CWE-749

Low likelihood

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749

CVE-2025-30359 MEDIUM

webpack-dev-server <5.2.1 - Info Disclosure

CVE-2025-48415 MEDIUM

eCharge cPH2 and cPP2 Charging Stations <=2.2.0 - USB Backdoor Command Execution

CVE-2025-43003 MEDIUM

SAP S/4 HANA - Privilege Escalation

CVE-2025-43955 LOW

Convertigo < 8.3.4 - Exposed Dangerous Method via TwsCachedXPathAPI

CVE-2025-3698 HIGH

Carlcare - Information Exposure via Interface Exposure

CVE-2025-26651 MEDIUM

Windows Local Session Manager - DoS

CVE-2025-24361 MEDIUM

Nuxt 3.0.0-3.15.12 - Source Code Exposure via Webpack Chunk Inspection

CVE-2025-24359 HIGH

asteval < 1.0.6 - Remote Code Execution via FormattedValue AST Node Handling

CVE-2024-43065 HIGH

Qualcomm FastConnect 7800 Firmware - Cryptographic Key Pair Generation Issue

CVE-2024-6863 MEDIUM

h2oai/h2o-3 3.46.0 - Arbitrary File Encryption via EncryptionTool Endpoint

CVE-2024-12651 HIGH

PTT Inc. HGS Mobile App <6.5.0 - Code Injection

CVE-2024-55945 MEDIUM

TYPO3 11.0.0-11.5.41 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55924 HIGH

TYPO3 11.0.0-11.5.41 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55923 MEDIUM

TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55922 MEDIUM

TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55921 HIGH

TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery and Remote Code Execution via Extension Manager Module

CVE-2024-55920 MEDIUM

TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55894 MEDIUM

TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-55893 MEDIUM

TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links

CVE-2024-13242 CRITICAL

Drupal Swift Mailer - Resource Location Spoofing via Exposed Dangerous Method

CVE-2024-51992 MEDIUM

Orchid Platform 8.0-14.42.x - Exposed Dangerous Method in Asynchronous Modal Functionality

CVE-2024-47005 HIGH

Sharp/Toshiba Tec MFP - Info Disclosure

CVE-2024-4739 MEDIUM

MXsecurity <v1.1.0 - Info Disclosure

CVE-2024-6510 HIGH

AVG Internet Security <24 - Privilege Escalation

CVE-2024-6689 HIGH

baramundi Management Agent <23.1.172.0 - Privilege Escalation

Previous Page 3 of 7 Next

Details

Vulnerabilities 167

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy