Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-41703 CRITICAL

LibreChat < 0.7.3 - Improper Access Control for Message Updates

CVE-2024-41600 HIGH

lin-cms-spring-boot < 0.2.1 - Insecure Permissions via UserController Login Method

CVE-2024-21169 MEDIUM

Oracle Marketing 12.2.3-12.2.13 - Unauthenticated Improper Access Control via HTTP

CVE-2024-21153 HIGH

Oracle Process Manufacturing 12.2.13 - Unauthorized Data Access/Modification via Quality Management Specs

CVE-2024-21150 MEDIUM

Oracle JD Edwards EnterpriseOne Tools < 9.2.8.2 - Unauthenticated Improper Access Control via Web Runtime SEC

CVE-2024-21145 MEDIUM

Oracle GraalVM 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1 - Improper Access Control in 2D Component

CVE-2024-21132 MEDIUM

Oracle Purchasing 12.2.3-12.2.13 - Authenticated Improper Access Control in Approvals

CVE-2024-37386 MEDIUM

Stormshield Network Security <4.3.25-4.7.5-4.8.0 - Privilege Escala...

CVE-2024-36438 HIGH

eLinkSmart Hidden Smart Cabinet Lock <2024-05-22 - Privilege Escala...

CVE-2024-6738 MEDIUM

Tronclass < 1.69.61976 - Unauthenticated Improper Access Control in Thumbnail API

CVE-2024-6737 HIGH

Electronic Official Document Management System - Privilege Escalation

CVE-2024-40547 MEDIUM

PublicCMS <4.0.202302.e - Code Injection

CVE-2024-6385 CRITICAL

GitLab CE/EE <16.11.6-17.1.2 - Privilege Escalation

CVE-2024-5470 LOW

GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Deploy Token Creation

CVE-2024-5257 MEDIUM

GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Group Namespace URL Modification

CVE-2024-2880 LOW

GitLab 16.5-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Improper Access Control

CVE-2024-37147 MEDIUM

GLPI 0.85-10.0.15 - Authenticated Improper Access Control via Document Attachment

CVE-2024-34725 HIGH

Android - Local Privilege Escalation via Race Condition in DevmemIntUnexportCtx

CVE-2024-31320 HIGH

Android - Local Privilege Escalation via Companion Device Association

CVE-2024-38100 HIGH

Windows File Explorer - Privilege Escalation

CVE-2024-38061 HIGH

Windows 10/11, Server 2008-2022 - Unauthenticated EoP via DCOM Remote Activation

CVE-2024-23663 HIGH

Fortinet FortiExtender Privilege Escalation via Crafted HTTP Request

CVE-2024-39697 HIGH

phonenumber 0.3.4-0.3.5 - Denial of Service via Malformed Phone Number String

CVE-2024-39701 MEDIUM

Directus 9.23.0-10.5.3 - Improper Access Control via Empty Array Evaluation in _in and _nin Operators

CVE-2024-39943 CRITICAL

rejetto HFS < 0.52.10 - Authenticated OS Command Injection via df Command Execution

Previous Page 102 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy