CWE-749

173 CVEs classified under CWE-749. Browse by severity and year.

Top CVEs for CWE-749
CVESeverityScorePublishedSummary
CVE-2022-31491Critical10.02025-08-22Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbit…
CVE-2023-40151Critical10.02023-11-21 When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenti…
CVE-2026-55454Critical9.92026-06-24Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authenti…
CVE-2026-41283Critical9.92026-06-04OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead…
CVE-2026-30957Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated projec…
CVE-2026-30921Critical9.92026-03-10OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submi…
CVE-2024-32764Critical9.92024-04-26A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users wi…
CVE-2019-18342Critical9.92019-12-12A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server…
CVE-2026-24118Critical9.82026-05-04vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code w…
CVE-2025-59403Critical9.82025-10-02The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera f…
CVE-2023-51583Critical9.82024-05-03Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbi…
CVE-2023-51582Critical9.82024-05-03Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu…
CVE-2023-51581Critical9.82024-05-03Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2023-51575Critical9.82024-05-03Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ar…
CVE-2023-51574Critical9.82024-05-03Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to byp…
CVE-2023-44414Critical9.82024-05-03D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute a…
CVE-2023-40501Critical9.82024-05-03LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co…
CVE-2023-40500Critical9.82024-05-03LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co…
CVE-2023-51573Critical9.82024-04-01Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers…
CVE-2024-27444Critical9.82024-02-26langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code vi…