132 vulnerabilities classified as CWE-749 (Exposed Dangerous Method or Function). AI Chinese analysis included.
CWE-749 describes an architectural flaw in which an application exposes a dangerous method or function through its API without adequate access controls. The weakness arises when developers fail to restrict sensitive operations, so that external actors can invoke functions that should remain internal or privileged. An attacker typically calls such an unrestricted endpoint directly, bypassing the intended security logic; depending on the function exposed, the result ranges from information disclosure through unauthorized data access and privilege escalation to complete system takeover. Mitigation starts with strict authentication and authorization checks on every API endpoint. Applying the principle of least privilege keeps the exposed surface to the methods that are actually needed, and thorough input validation together with regular security audits helps find and close improperly secured interfaces before they can be abused.
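The authorization and least-privilege checks described above, as an added Java example that is not part of this page or of the CWE entry: an explicit allowlist of exported methods, each tied to the minimum caller role allowed to invoke it, with exact-name lookup so that anything not registered (including the private `removeDatabase`) cannot be reached from outside. The role names, method names and handler bodies are invented for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

// Added illustration (not the page's code): the export table below is the whole public
// surface. A method that is not in it is unreachable, whatever name the caller sends.
public class RestrictedDispatcher {

    public enum Role { GUEST, USER, ADMIN }   // ordered from least to most privileged

    /** One exported operation plus the minimum role required to call it. */
    private static final class Exported {
        final Role minRole;
        final Function<String, String> handler;
        Exported(Role minRole, Function<String, String> handler) {
            this.minRole = minRole;
            this.handler = handler;
        }
    }

    private final Map<String, Exported> exports = new HashMap<>();

    public RestrictedDispatcher() {
        // Hypothetical operations, registered deliberately and individually.
        exports.put("getPublicInfo",  new Exported(Role.GUEST, arg -> "public-info"));
        exports.put("getUserInfo",    new Exported(Role.USER,  arg -> "user-info:" + arg));
        exports.put("exportAuditLog", new Exported(Role.ADMIN, arg -> "audit-log"));
        // removeDatabase is intentionally NOT registered: it stays private and internal.
    }

    /** Dangerous internal operation; private and never placed in the export table. */
    private String removeDatabase(String databaseName) {
        return "dropped " + databaseName;   // stand-in for the real DROP DATABASE
    }

    /**
     * Dispatches an externally supplied method name. Exact-match lookup (no prefix or
     * substring matching), then a role check, and only then does the handler run.
     */
    public String dispatch(Role caller, String method, String arg) {
        Exported op = exports.get(method);
        if (op == null) {
            return "DENIED: unknown method";     // covers removeDatabase and any variant spelling
        }
        if (caller.ordinal() < op.minRole.ordinal()) {
            return "DENIED: insufficient role";
        }
        return op.handler.apply(arg);
    }

    public static void main(String[] args) {
        RestrictedDispatcher d = new RestrictedDispatcher();
        System.out.println(d.dispatch(Role.GUEST, "getPublicInfo", ""));
        System.out.println(d.dispatch(Role.GUEST, "getUserInfo", "alice"));
        System.out.println(d.dispatch(Role.USER,  "getUserInfo", "alice"));
        System.out.println(d.dispatch(Role.ADMIN, "removeDatabase", "prod"));
        System.out.println(d.dispatch(Role.USER,  "getUserInfoX", "alice"));
    }
}
```

The two design choices that matter here are the closed registry (nothing is callable by accident of visibility) and the exact-match lookup, which avoids the prefix and substring comparisons that make a URL-scheme dispatcher easy to confuse. A review of such a table is also a convenient audit step: every entry is a deliberate decision to export a function and at what privilege.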
```java
// Bad: the destructive operation is public, so any caller with a reference to the object can drop a database.
public void removeDatabase(String databaseName) {
    try {
        Statement stmt = conn.createStatement();
        stmt.execute("DROP DATABASE " + databaseName);
    } catch (SQLException ex) {...}
}
```

```java
// Fixed: the same operation restricted to the class that owns it.
// Note: the database name is still concatenated into the SQL statement, so it must only ever come from trusted, validated input.
private void removeDatabase(String databaseName) {
    try {
        Statement stmt = conn.createStatement();
        stmt.execute("DROP DATABASE " + databaseName);
    } catch (SQLException ex) {...}
}
```

```java
// Android: a custom URL scheme handled inside the WebView exposes getUserInfo to any page loaded in it.
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
    if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
        if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
            writeDataToView(view, UserData);   // app-defined helper and data
            return false;
        } else {
            return true;
        }
    }
    return false;   // added so the method compiles: not our scheme, let the WebView load the URL
}
```

```objectivec
// iOS: the same pattern in a UIWebView delegate.
-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType {
    NSURL *URL = [exRequest URL];
    if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
        NSString *functionString = [URL resourceSpecifier];
        if ([functionString hasPrefix:@"specialFunction"]) {
            // Make data available back in webview.
            UIWebView *webView = [self writeDataToView:[URL query]];
        }
        return NO;
    }
    return YES;
}
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-8212 | Citrix Systems XenMobile Server security vulnerability — Citrix XenMobile Server | 9.8 | - | 2020-08-17 |
| CVE-2020-15623 | CentOS Web Panel security vulnerability — CentOS Web Panel | 9.8 | - | 2020-07-28 |
| CVE-2020-10268 | RVD#2550: Terminate Critical Services in KUKA controller KR C4 — KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded | 4.6 | - | 2020-06-16 |
| CVE-2019-18342 | Siemens SiNVR 3 Central Control Server and SiNVR 3 Video Server security vulnerability — Control Center Server (CCS) | 9.9 | Critical | 2019-12-12 |
| CVE-2019-13945 | Siemens SIMATIC S7-200 and S7-1200 input validation error vulnerability — SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | 6.1 | - | 2019-12-12 |
| CVE-2019-10918 | Siemens SIMATIC WinCC security vulnerability — SIMATIC PCS 7 V8.0 and earlier | 8.8 | - | 2019-05-14 |
| CVE-2019-5015 | Pixar Renderman code issue vulnerability — Pixar Renderman | 7.8 | - | 2019-03-08 |
| CVE-2018-10931 | Cobbler insufficient information vulnerability — cobbler | 9.8 | - | 2018-08-09 |
| CVE-2018-8868 | Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function — 24950 MyCareLink Monitor | 6.2 | Medium | 2018-07-02 |
| CVE-2016-9469 | GitLab 安全漏洞 — GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1 | 8.2 | - | 2017-03-28 |
| CVE-2014-5415 | Beckhoff Embedded PC Images and TwinCAT Components Exposed Dangerous Method or Function — Embedded PC Images | 9.1 | Critical | 2016-10-05 |
| CVE-2014-0758 | ICONICS GENESIS32 Exposed Dangerous Method or Function — GENESIS32 | 7.8 | - | 2014-02-24 |
Vulnerabilities classified as CWE-749 (Exposed Dangerous Method or Function) represent 132 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.