Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284

CVE-2026-7578 MEDIUM

MacCMS Pro Plugin Installation add.html install unrestricted upload

CVE-2026-2311 MEDIUM

IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

CVE-2026-40603 MEDIUM

Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override

CVE-2026-40595 HIGH

Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks

CVE-2026-40904 HIGH

Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

CVE-2026-7468 HIGH

1024-lab smart-admin Demo Site index.html access control

CVE-2026-7393 MEDIUM

SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

CVE-2026-5141 HIGH

Improper Access Control in TUBITAK BILGEM's Pardus Software Center

CVE-2026-5780 HIGH

Multiple vulnerabilities in MphRx's Minerva

CVE-2026-5779 CRITICAL

Multiple vulnerabilities in MphRx's Minerva

CVE-2026-7238 MEDIUM

code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload

CVE-2026-40966 MEDIUM

VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

CVE-2026-7134 MEDIUM

code-projects Online Lot Reservation System edithousepic.php unrestricted upload

CVE-2026-7133 MEDIUM

code-projects Online Lot Reservation System activity.php unrestricted upload

CVE-2026-7107 MEDIUM

code-projects Invoice System in Laravel company unrestricted upload

CVE-2026-7044 MEDIUM

GreenCMS index.php themeadd unrestricted upload

CVE-2026-7043 MEDIUM

GreenCMS index.php pluginAddLocal unrestricted upload

CVE-2026-7041 LOW

666ghj MiroFish Werkzeug Debugger PIN console information disclosure

CVE-2026-7021 LOW

SmythOS sre Connector Service utils.ts information disclosure

CVE-2026-33318 HIGH

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

CVE-2026-29197 MEDIUM

Rocket.Chat <8.4.0 - Auth Bypass

CVE-2026-24303 CRITICAL

Microsoft Partner Center Elevation of Privilege Vulnerability

CVE-2026-41277 HIGH

Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

CVE-2026-41270 HIGH

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

CVE-2026-41243 MEDIUM

OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

Page 1 of 192 Next

Details

Vulnerabilities 4,788

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy