CWE-749
173 CVEs classified under CWE-749. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-31491 | Critical | 10.0 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbit… |
CVE-2023-40151 | Critical | 10.0 | 2023-11-21 | When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenti… |
CVE-2026-55454 | Critical | 9.9 | 2026-06-24 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authenti… |
CVE-2026-41283 | Critical | 9.9 | 2026-06-04 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead… |
CVE-2026-30957 | Critical | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated projec… |
CVE-2026-30921 | Critical | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submi… |
CVE-2024-32764 | Critical | 9.9 | 2024-04-26 | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users wi… |
CVE-2019-18342 | Critical | 9.9 | 2019-12-12 | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server… |
CVE-2026-24118 | Critical | 9.8 | 2026-05-04 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code w… |
CVE-2025-59403 | Critical | 9.8 | 2025-10-02 | The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera f… |
CVE-2023-51583 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbi… |
CVE-2023-51582 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu… |
CVE-2023-51581 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute… |
CVE-2023-51575 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ar… |
CVE-2023-51574 | Critical | 9.8 | 2024-05-03 | Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to byp… |
CVE-2023-44414 | Critical | 9.8 | 2024-05-03 | D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute a… |
CVE-2023-40501 | Critical | 9.8 | 2024-05-03 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co… |
CVE-2023-40500 | Critical | 9.8 | 2024-05-03 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co… |
CVE-2023-51573 | Critical | 9.8 | 2024-04-01 | Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers… |
CVE-2024-27444 | Critical | 9.8 | 2024-02-26 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code vi… |