Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284

CVE-2026-42205 HIGH

Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources

CVE-2026-41487 MEDIUM

Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

CVE-2026-41491 HIGH

Dapr: Service Invocation path traversal ACL bypass

CVE-2026-8069 HIGH

PredatorSense V3: Local Privilege Escalation (LPE) vulnerability

CVE-2026-42278 HIGH

UltraDAG: Smart Account Spending Policy Bypass via Pockets

CVE-2026-41900 HIGH

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

CVE-2026-41646 MEDIUM

Nuclei: Local File Read via require() Module Loader Bypass

CVE-2026-8127 MEDIUM

eladmin Users API Endpoint UserController.java checkLevel access control

CVE-2026-35435 HIGH

Azure AI Foundry Elevation of Privilege Vulnerability

CVE-2026-33109 CRITICAL

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

CVE-2026-37709 CRITICAL

snipe-it < 8.4.1 - Remote Code Execution via UploadedFilesController

CVE-2026-5788 HIGH

Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Unauthenticated Arbitrary Method Invocation

CVE-2026-5786 HIGH

Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Privilege Escalation

CVE-2026-41641 HIGH

NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call

CVE-2026-8033 MEDIUM

PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

CVE-2026-7959 LOW

Google Chrome - Site Isolation Bypass

CVE-2026-20167 HIGH

Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability

CVE-2026-8028 LOW

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVE-2026-8026 LOW

FlowiseAI Flowise API Response account.service.ts login information disclosure

CVE-2026-42222 HIGH

nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

CVE-2026-42812 CRITICAL

Apache Polaris: No protection on `write.metadata.path`

CVE-2026-7733 HIGH

funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload

CVE-2026-7732 MEDIUM

code-projects BloodBank Managing System request_blood.php unrestricted upload

CVE-2026-7711 HIGH

MindsDB Engine proc_wrapper.py exec unrestricted upload

CVE-2026-7696 MEDIUM

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload

Previous Page 10 of 203 Next

Details

Vulnerabilities 5,075

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy