Common Weakness Enumeration

CWE-749

Allowed

Exposed Dangerous Method or Function

Abstraction: Base · Status: Incomplete

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

304 vulnerabilities reference this CWE, most recent first.

GHSA-H7WP-7Q3V-7M5W

Vulnerability from github – Published: 2024-01-30 21:30 – Updated: 2024-02-08 15:30
VLAI
Details

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-30T20:15:45Z",
    "severity": "CRITICAL"
  },
  "details": "\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0",
  "id": "GHSA-h7wp-7q3v-7m5w",
  "modified": "2024-02-08T15:30:26Z",
  "published": "2024-01-30T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5389"
    },
    {
      "type": "WEB",
      "url": "https://process.honeywell.com"
    },
    {
      "type": "WEB",
      "url": "https://www.honeywell.com/us/en/product-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H8WV-X2GQ-WQW9

Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31
VLAI
Details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T21:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
  "id": "GHSA-h8wv-x2gq-wqw9",
  "modified": "2026-07-03T21:31:38Z",
  "published": "2026-07-03T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45489"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFJ7-FPWH-Q5VG

Vulnerability from github – Published: 2023-08-09 00:31 – Updated: 2024-09-27 21:31
VLAI
Details

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668",
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nExposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access.\n\n",
  "id": "GHSA-hfj7-fpwh-q5vg",
  "modified": "2024-09-27T21:31:45Z",
  "published": "2023-08-09T00:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39214"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HPW2-7W94-FF35

Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:46
VLAI
Details

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T09:15:18Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.",
  "id": "GHSA-hpw2-7w94-ff35",
  "modified": "2024-04-04T04:46:06Z",
  "published": "2023-06-13T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33921"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HQJC-QGF5-4M63

Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-10 18:31
VLAI
Details

Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: ..

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T19:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*.",
  "id": "GHSA-hqjc-qgf5-4m63",
  "modified": "2025-01-10T18:31:39Z",
  "published": "2025-01-09T21:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13242"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HQPM-5797-2GXF

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-19657.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:16Z",
    "severity": "MODERATE"
  },
  "details": "PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-19657.",
  "id": "GHSA-hqpm-5797-2gxf",
  "modified": "2024-05-03T03:30:56Z",
  "published": "2024-05-03T03:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39495"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HXG4-C72J-73RF

Vulnerability from github – Published: 2023-11-21 00:30 – Updated: 2023-11-21 00:30
VLAI
Details

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-21T00:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n",
  "id": "GHSA-hxg4-c72j-73rf",
  "modified": "2023-11-21T00:30:27Z",
  "published": "2023-11-21T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40151"
    },
    {
      "type": "WEB",
      "url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J4P8-H8MH-RH8Q

Vulnerability from github – Published: 2025-12-26 18:26 – Updated: 2025-12-31 00:20
VLAI
Summary
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Details

Impact

In self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.

This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:

  • Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)
  • Writing files to the host filesystem (subject to the same restrictions)

Starting with n8n version 1.2.1, access to files in the n8n home directory (.n8n) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.

Patches

  • Upgrade to n8n version 2.0.0 or later, where task runners are enabled by default for Code node execution.
  • On n8n version 1.71.0 and above, enable task runners by setting N8N_RUNNERS_ENABLED=true.

Workarounds

If you cannot immediately migrate to task runners:

  • Limit file operations by setting N8N_RESTRICT_FILE_ACCESS_TO to a dedicated directory (e.g., ~/.n8n-files) and ensure it contains no sensitive data.
  • Keep N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true (default) to block access to .n8n and user-defined config files.
  • If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using NODES_EXCLUDE.

Resources

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.1"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-26T18:26:38Z",
    "nvd_published_at": "2025-12-26T22:15:52Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nIn self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.\n\nThis allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:\n\n- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)\n- Writing files to the host filesystem (subject to the same restrictions)\n\nStarting with n8n version 1.2.1, access to files in the n8n home directory (`.n8n`) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.\n\n### Patches\n\n- Upgrade to **n8n version 2.0.0 or later**, where task runners are enabled by default for Code node execution.\n- On **n8n version 1.71.0 and above**, enable task runners by setting `N8N_RUNNERS_ENABLED=true`.\n\n### Workarounds\n\nIf you cannot immediately migrate to task runners:\n\n- Limit file operations by setting `N8N_RESTRICT_FILE_ACCESS_TO` to a dedicated directory (e.g., `~/.n8n-files`) and ensure it contains no sensitive data.\n- Keep `N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true` (default) to block access to `.n8n` and user-defined config files.\n- If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using `NODES_EXCLUDE`.\n\n### Resources\n\n- n8n Docs: [Task runners](https://docs.n8n.io/hosting/configuration/task-runners/)\n- n8n Docs: [Task runner environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/task-runners/)\n- n8n Docs: [Security environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/security/#security-environment-variables)\n- n8n Docs: [v2.0 breaking changes](https://docs.n8n.io/2-0-breaking-changes/#enable-task-runners-by-default)",
  "id": "GHSA-j4p8-h8mh-rh8q",
  "modified": "2025-12-31T00:20:06Z",
  "published": "2025-12-26T18:26:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-j4p8-h8mh-rh8q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68697"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Self-hosted n8n has Legacy Code node that enables arbitrary file read/write"
}

GHSA-JJ92-X469-335W

Vulnerability from github – Published: 2024-10-18 09:31 – Updated: 2024-10-18 09:31
VLAI
Details

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-18T09:15:03Z",
    "severity": "MODERATE"
  },
  "details": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.",
  "id": "GHSA-jj92-x469-335w",
  "modified": "2024-10-18T09:31:26Z",
  "published": "2024-10-18T09:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4739"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JMJF-JWVM-X7JX

Vulnerability from github – Published: 2026-05-27 09:31 – Updated: 2026-05-27 09:31
VLAI
Details

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T09:16:26Z",
    "severity": "HIGH"
  },
  "details": "An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.",
  "id": "GHSA-jmjf-jwvm-x7jx",
  "modified": "2026-05-27T09:31:16Z",
  "published": "2026-05-27T09:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14713"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  • Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
  • accessible to all users
  • restricted to a small set of privileged users
  • prevented from being directly accessible at all
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.