CWE-749
All CWE-749 CVEs (50)
This vulnerability allows attackers to bypass authentication and execute arbitrary commands with highest privileges on Red Lion SixTRAK and VersaTRAK ...
Nov 21, 2023

The Flock Safety Collins Android app exposes unauthenticated administrative API endpoints on port 8080, allowing attackers on the same network to rebo...
Oct 2, 2025

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on Voltronic Power ViewPower installations...
May 3, 2024

This vulnerability allows remote attackers to execute arbitrary code on Voltronic Power ViewPower installations without authentication. The exposed da...
May 3, 2024

This vulnerability allows remote attackers to bypass authentication on Voltronic Power ViewPower systems without requiring credentials. The exposed up...
May 3, 2024

This critical vulnerability in D-Link D-View allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges. The flaw exists...
May 3, 2024

This vulnerability allows remote attackers to execute arbitrary code as SYSTEM on affected LG Simple Editor installations without authentication. Atta...
May 3, 2024

This vulnerability allows attackers to bypass previous security fixes in LangChain Experimental and execute arbitrary Python code via specific attribu...
Feb 26, 2024

This critical vulnerability in Delta Electronics InfraSuite Device Master allows unauthenticated attackers to execute arbitrary code remotely by sendi...
Nov 30, 2023

Softneta MedDream PACS has a critical vulnerability that allows unauthenticated attackers to execute arbitrary code remotely. T...
Sep 11, 2023

OpenS100 (S-100 viewer reference implementation) contains a remote code execution vulnerability where untrusted portrayal catalogues can execute arbit...
Feb 17, 2026

GoldenDict 1.5.0 and 1.5.1 contain an exposed dangerous method that allows arbitrary file read and write operations when a user adds a malicious dicti...
Jul 17, 2025

This vulnerability allows attackers to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC systems. Successful exploitation ...
Jan 30, 2024

This vulnerability in SAP BTP Security Services Integration Library (Golang client) allows unauthenticated attackers to escalate privileges and obtain...
Dec 12, 2023

This vulnerability in SAP BTP Security Services Integration Library allows unauthenticated attackers to escalate privileges and gain arbitrary permiss...
Dec 12, 2023

CVE-2023-49583 is a critical privilege escalation vulnerability in SAP BTP Security Services Integration Library for Node.js. Unauthenticated attacker...
Dec 12, 2023

This vulnerability allows authenticated remote attackers to execute arbitrary code as root on D-Link D-View network management systems. Attackers can ...
May 23, 2024

This vulnerability in Inductive Automation Ignition allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges by exploiti...
May 3, 2024

This vulnerability in PTT Inc. HGS Mobile App allows attackers to manipulate user-controlled variables through exposed dangerous methods or functions....
Feb 14, 2025

The Govee Home app has an unprotected WebView component that allows any app on the device to open it with arbitrary URLs. This enables attackers to ex...
Sep 11, 2023

This vulnerability allows non-administrative users to execute configuration APIs on Sharp and Toshiba Tec multifunction printers (MFPs) that should be...
Oct 25, 2024

This vulnerability allows local attackers with low-privileged access to escalate privileges to SYSTEM level by exploiting an exposed dangerous functio...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers who already have low-privileged access to escalate to SYSTEM privileges by e...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level. At...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level. At...
Dec 23, 2025

This vulnerability allows local attackers to escalate privileges from a low-privileged account to SYSTEM on systems running RealDefense SUPERAntiSpywa...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level acc...
Dec 23, 2025

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...
Dec 23, 2025

This CVE describes a memory corruption vulnerability in Qualcomm's GVM (Guest Virtual Machine) request processing. Attackers could exploit this to exe...
Nov 4, 2025

This vulnerability allows a local unprivileged user on Windows systems running baramundi Management Agent v23.1.172.0 to escalate privileges to SYSTEM...
Jul 15, 2024

This vulnerability in Foxit PDF Editor allows remote attackers to execute arbitrary code by tricking users into opening malicious XLS files. The flaw ...
May 3, 2024

An unauthenticated denial-of-service vulnerability in HPE Insight Remote Support (IRS) allows attackers to crash the service without credentials. This...
Jul 1, 2025

An interface exposure vulnerability in the CarlCare mobile application allows unauthorized access to sensitive application components. This could lead...
Apr 16, 2025

This vulnerability allows remote attackers to cause denial-of-service conditions on Voltronic Power ViewPower systems without authentication. The expo...
May 3, 2024

This vulnerability in Visualware MyConnection Server exposes the doRTAAccessUPass method, allowing unauthenticated remote attackers to access sensitiv...
May 3, 2024

CVE-2023-42494 is a vulnerability in EisBaer Scada software where dangerous methods or functions are exposed without proper access controls. This allo...
Oct 25, 2023

CVE-2021-26614 is a remote code execution vulnerability in IpTime C200 IP cameras. Attackers can send specially crafted parameters to the ius_get.cgi ...
Nov 22, 2021

An unauthenticated denial-of-service vulnerability in the TDDP functionality of TP-Link EAP225 V3 access points allows attackers to send specially cra...
Apr 9, 2024

This vulnerability allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges on PaperCut NG servers by exploiting an expo...
Nov 22, 2024

This vulnerability in Triangle MicroWorks SCADA Data Gateway allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges by...
May 3, 2024

A cryptographic vulnerability in Qualcomm's Trusted Zone is triggered when the High-Level Operating System (HLOS) provides incorrect input. This allo...
Feb 2, 2026

This vulnerability in h2oai/h2o-3 version 3.46.0 exposes an endpoint that allows attackers to encrypt arbitrary files on the server with custom keys, ...
Mar 20, 2025

This CVE describes a cross-site scripting (XSS) vulnerability in Nextcloud's files_pdfviewer example directory. Attackers can execute arbitrary JavaSc...
Dec 4, 2025

This vulnerability allows attackers to steal source code from Nuxt applications during development when developers visit malicious websites. It affect...
Jan 25, 2025

This vulnerability in Orchid Platform exposes dangerous methods in the Screen class through asynchronous modal functionality, allowing attackers to ca...
Nov 11, 2024

Microsoft Playwright MCP Server versions before 0.0.40 lack Origin header validation, enabling DNS rebinding attacks. Attackers can exploit this via a...
Jan 7, 2026

MCP Gateway versions 0.27.0 and earlier are vulnerable to DNS rebinding attacks when running in SSE or streaming transport mode. This allows attackers...
Dec 3, 2025

About CWE-749
Our database tracks 50 CVEs classified as CWE-749, with 16 rated critical and 28 rated high severity. The average CVSS score for CWE-749 vulnerabilities is 8.2.
External reference: View CWE-749 on MITRE CWE →