Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-749

CWE-749

Low likelihood

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749

CVE-2023-38124 HIGH

Inductive Automation Ignition < 8.1.26 - Authenticated Remote Code Execution via OPC UA Quick Client Task Scheduling

CVE-2023-38101 HIGH

NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via SettingConfigController

CVE-2023-38097 HIGH

NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via BkreProcessThread Exposed Function

CVE-2023-37330 HIGH

Kofax Power PDF < 5.0.0.11 - Remote Code Execution via exportAsText Method

CVE-2023-27365 HIGH

Foxit PDF Editor - Remote Code Execution via DOC File Macro Parsing

CVE-2023-27364 HIGH

Foxit PDF Editor - Remote Code Execution via XLS File Parsing

CVE-2023-27363 HIGH

Foxit PDF Reader < 12.1.1.15289 and PDF Editor < 10.1.11.37866 - Remote Code Execution via exportXFAData Method

CVE-2023-49074 HIGH

TP-Link EAP225 V3 v5.1.0 Build 20220926 - Unauthenticated Denial of Service via TDDP Network Requests

CVE-2023-51573 CRITICAL

Voltronic Power ViewPower Pro - Auth Bypass

CVE-2023-5389 CRITICAL

Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC - Fil...

CVE-2023-50424 CRITICAL

SAP BTP Security Services Integration Library < 0.17.0 - Privilege Escalation

CVE-2023-50423 CRITICAL

SAP XSSEC < 4.1.0 - Unauthenticated Privilege Escalation

CVE-2023-50422 CRITICAL

SAP BTP Security Services Integration Library <2.17.0 and 3.0.0-<3.3.0 - Privilege Escalation

CVE-2023-49583 CRITICAL

SAP @sap/xssec < 3.6.0 - Unauthenticated Privilege Escalation

CVE-2023-39226 CRITICAL

Delta Electronics InfraSuite Device Master <1.0.7 - RCE

CVE-2023-40151 CRITICAL

Red Lion SixTRAK and VersaTRAK Series - Privilege Escalation

CVE-2023-42494 HIGH

EisBaer Scada < 3.0.6433.1964 - Exposed Dangerous Method or Function

CVE-2023-3656 CRITICAL

cashit! < 03.a06rks_2023.02.37 - Unauthenticated Remote Code Execution via HTTP Endpoint

CVE-2023-3655 HIGH

cashIT! - PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH 03.A06rk...

CVE-2023-40150 CRITICAL

Softneta MedDream PACS < 7.2.8.810 - Unauthenticated Remote Code Execution

CVE-2023-3612 HIGH

Govee Home < 5.8.01 - Unauthenticated JavaScript Execution via WebView URL Handling

CVE-2023-39214 HIGH

Zoom Client SDK <5.15.5 - Info Disclosure

CVE-2023-36853 HIGH

Keysight Geolocation Server <v2.4.2 - Code Injection

CVE-2023-33921 MEDIUM

CP-8031/CP-8050 <CPCI85 V05 - Info Disclosure

CVE-2023-34227 MEDIUM

JetBrains TeamCity < 2023.05 - Brute Force Attack via Specific Endpoint

Previous Page 5 of 7 Next

Details

Vulnerabilities 167

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy