Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-39934 HIGH

Robotmk <2.0.1 - Privilege Escalation

CVE-2024-6428 MEDIUM

Mattermost <9.8.0 - Info Disclosure

CVE-2024-39361 LOW

Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Improper Access Control via Post RemoteId Manipulation

CVE-2024-36257 LOW

Mattermost <9.5.5, 9.8.0 - Info Disclosure

CVE-2024-36989 HIGH

Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Bulletin Message Injection

CVE-2024-38518 MEDIUM

BigBlueButton <2.6.17 - Auth Bypass

CVE-2024-38371 HIGH

authentik < 2024.2.4 - Improper Access Control in OAuth2 Device Code Flow

CVE-2024-37905 HIGH

authentik < 2024.2.4 - Improper Access Control via API-Access-Token Mechanism

CVE-2024-39376 CRITICAL

marKoni D Compact and DH Exciter+Amplifiers Firmware < 2.0.1 - Improper Access Control

CVE-2024-5655 CRITICAL

GitLab CE/EE <16.11.5-17.1.1 - Privilege Escalation

CVE-2024-5430 MEDIUM

GitLab 16.10-16.11.4, 17.0-17.0.2, 17.1 - Improper Access Control via GraphQL

CVE-2024-2191 MEDIUM

GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure

CVE-2024-37742 HIGH

Safe Exam Browser <3.5.0 - Info Disclosure

CVE-2024-21741 CRITICAL

GigaDevice GD32E103C8T6 - Info Disclosure

CVE-2024-21740 HIGH

Artery AT32F415CBT7-AT32F421C8T7 - Info Disclosure

CVE-2024-33898 CRITICAL

Axiros AXESS Auto Configuration Server 4.x and 5.0.0 - Unauthenticated Remote Code Execution via Authorization Bypass

CVE-2024-37677 HIGH

access_management_specialist V6.62.51215 - Improper Access Control

CVE-2024-38873 MEDIUM

friendlycaptcha < 0.1.4 - Unauthenticated Captcha Bypass in ext:form Integration

CVE-2024-38273 MEDIUM

Moodle 4.1.0-4.1.10 and 4.4.0-beta - Improper Access Control in BigBlueButton Join URL

CVE-2024-5650 HIGH

Yokogawa Electric Corporation - CENTUM CAMS Log server - DLL Hijacking

CVE-2024-37887 LOW

Nextcloud Server 27.0.0-27.1.9 - Improper Access Control in Shared Calendar Recurrence Exceptions

CVE-2024-37884 LOW

Nextcloud Server 25.0.0-25.0.13.6 and 26.0.0-26.0.12 - Authenticated Improper Access Control via File Version Deletion

CVE-2024-37883 MEDIUM

Nextcloud Deck 1.6.0-1.6.5 - Unauthorized Access to Deleted Card Comments and Attachments

CVE-2024-37882 HIGH

Nextcloud Server 23.0.0-23.0.12.16 and 26.0.0-26.0.12 - Improper Access Control via Share Permission Escalation

CVE-2024-37317 MEDIUM

Nextcloud Notes 4.6.0-4.9.2 - Improper Access Control via Shared Folder

Previous Page 103 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy