CWE-749

Exploit likelihood: Low

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749
CVE-2024-35209 MEDIUM
SINEC Traffic Analyzer <V1.2 - Info Disclosure
CVSS 6.2
CVE-2024-5299 HIGH
D-Link D-View 8 - Remote Code Execution via execMonitorScript Method
CVSS 8.8
CVE-2024-5298 HIGH
D-Link D-View 8 - Remote Code Execution via queryDeviceCustomMonitorResult Method
CVSS 8.8
CVE-2024-32764 CRITICAL
myQNAPcloud Link <2.4.51 - Privilege Escalation
CVSS 9.9
CVE-2024-27261 MEDIUM
IBM Storage Defender - Resiliency Service <2.0.3 - Privilege Escala...
CVSS 6.4
CVE-2024-29880 MEDIUM
JetBrains TeamCity <2023.11 - Privilege Escalation
CVSS 4.2
CVE-2024-27444 CRITICAL
langchain-experimental < 0.1.8 - Remote Code Execution via Unrestricted Python Attribute Access
CVSS 9.8
CVE-2024-25675 CRITICAL
MISP < 2.4.184 - Unauthenticated Export Generation via GET Request
CVSS 9.8
CVE-2023-39470 HIGH
PaperCut NG < 22.1.1 - Authenticated Remote Code Execution via Exposed Dangerous Function
CVSS 7.2
CVE-2023-51584 HIGH
Voltronic Power ViewPower Pro - Remote Code Execution via Exposed Shutdown Method
CVSS 8.8
CVE-2023-51583 CRITICAL
Voltronic Power ViewPower - Unauthenticated Remote Code Execution via UpsScheduler Exposed Method
CVSS 9.8
CVE-2023-51582 CRITICAL
Voltronic Power ViewPower - Unauthenticated Remote Code Execution via LinuxMonitorConsole
CVSS 9.8
CVE-2023-51581 CRITICAL
Voltronic Power ViewPower - Remote Code Execution via MacMonitorConsole Exposed Method
CVSS 9.8
CVE-2023-51578 HIGH
Voltronic Power ViewPower - Unauthenticated Denial of Service via MonitorConsole Exposed Method
CVSS 7.5
CVE-2023-51577 HIGH
Voltronic Power ViewPower - Privilege Escalation
CVSS 7.8
CVE-2023-51575 CRITICAL
Voltronic Power ViewPower - Unauthenticated Remote Code Execution via MonitorConsole Exposed Method
CVSS 9.8
CVE-2023-51574 CRITICAL
Voltronic Power ViewPower - Auth Bypass
CVSS 9.8
CVE-2023-44414 CRITICAL
D-Link D-View 8 - Unauthenticated Remote Code Execution via coreservice_action_script
CVSS 9.8
CVE-2023-42032 HIGH
Visualware MyConnection Server - Unauthenticated Information Disclosure via doRTAAccessUPass Method
CVSS 7.5
CVE-2023-40501 CRITICAL
LG Simple Editor - Unauthenticated Remote Code Execution via copyContent Command
CVSS 9.8
CVE-2023-40500 CRITICAL
LG Simple Editor - Unauthenticated Remote Code Execution via copyContent Command
CVSS 9.8
CVE-2023-39505 MEDIUM
PDF-XChange Editor - Information Disclosure via Net.HTTP.requests Method
CVSS 5.5
CVE-2023-39495 MEDIUM
PDF-XChange Editor - Information Disclosure via readFileIntoStream Method
CVSS 5.5
CVE-2023-39493 HIGH
PDF-XChange Editor - Remote Code Execution via exportAsText Method
CVSS 7.8
CVE-2023-39468 HIGH
Triangle MicroWorks SCADA Data Gateway - Authenticated RCE via DbasSectorFileToExecuteOnReset
CVSS 7.2