Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-749

CWE-749

Low likelihood

Exposed Dangerous Method or Function

Parent: CWE-284 - Improper Access Control

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

167 vulnerabilities with CWE-749

CVE-2023-26478 MEDIUM

XWiki Platform <14.3-rc-1 - Info Disclosure

CVE-2022-31491 CRITICAL

Voltronic Power ViewPower <1.04-24215, ViewPower Pro <2.0-22165, Po...

CVE-2022-37365 HIGH

PDF-XChange Editor - Arbitrary File Write via JavaScript saveAs Method

CVE-2022-46156 HIGH

Grafana Synthetic Monitoring <0.12.0 - Info Disclosure

CVE-2022-4136 CRITICAL

leadshop 1.4.15 - Remote Code Execution via Exposed Method in leadshop.php

CVE-2021-33639 HIGH

openatom openeuler_kernel < 4.19.90-2211.4.0.0177 - Unauthenticated Memory Protection Bypass via SVM REMAP Command

CVE-2021-34996 HIGH

Commvault CommCell - Authenticated Remote Code Execution via Demo_ExecuteProcessOnGroup Workflow

CVE-2021-35243 MEDIUM

Web Help Desk <12.7.7 - Info Disclosure

CVE-2021-42128 CRITICAL

Ivanti Avalanche < 6.3.3 - Privilege Escalation via Enterprise Server Service

CVE-2021-26614 HIGH

IpTime C200 Firmware < 1.060 - Remote Code Execution via ius_get.cgi

CVE-2021-28809 CRITICAL

QNAP Hybrid Backup Sync < 3.0.210507 - Improper Access Control

CVE-2020-2503 CRITICAL

QNAP QES < 2.1.1 - Stored Cross-Site Scripting in File Station

CVE-2020-12927 HIGH

AMD VBIOS Flash Tool SDK - Privilege Escalation

CVE-2020-12912 MEDIUM

AMD Energy Driver for Linux - Unauthenticated Side Channel Attack via RAPL Interface

CVE-2020-27123 MEDIUM

Cisco AnyConnect Secure Mobility Client for Windows - Info Disclosure

CVE-2020-12928 HIGH

AMD Ryzen Master V15 - Privilege Escalation

CVE-2020-3513 MEDIUM

Cisco IOS XE - Privilege Escalation

CVE-2020-3416 MEDIUM

Cisco IOS XE - Privilege Escalation

CVE-2020-17391 MEDIUM

Parallels Desktop 15.1.3-47255 - Info Disclosure

CVE-2020-17388 HIGH

Marvell QConvergeConsole 5.5.0.64 - RCE

CVE-2020-8212 CRITICAL

Citrix XenMobile <10.12 - Privilege Escalation

CVE-2020-15623 CRITICAL

CentOS Web Panel cwp-e17.0.9.8.923 - Root File Write via ajax_mod_security

CVE-2020-10268 MEDIUM

KUKA KR C4 Firmware - Unauthenticated Denial of Service via Task Manager Service Termination

CVE-2019-20923 MEDIUM

MongoDB 4.0.0-4.0.6 - Denial of Service via Unhandled JavaScript Exception

CVE-2019-18342 CRITICAL

Control Center Server <1.5.0 - Info Disclosure

Previous Page 6 of 7 Next

Details

Vulnerabilities 167

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy