Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-37315 LOW

Nextcloud Server 23.0.0-23.0.11 and 26.0.0-26.0.11 - Authenticated Improper Access Control via File Version Restoration

CVE-2024-37314 LOW

Nextcloud Server 25.0.0-25.0.7 - Improper Access Control in Photos App

CVE-2024-37312 MEDIUM

nextcloud/user_oidc < 5.0.0 - Unauthenticated Account Registration via ID4me Endpoint

CVE-2024-37279 MEDIUM

Kibana 8.6.3-8.13.0 - Authenticated Denial of Service via Alerting Rule Run Soon API

CVE-2024-28969 MEDIUM

Dell Secure Connect Gateway 5.18.00.20-5.22.00.18 - Improper Access Control in Internal Update REST API

CVE-2024-28968 MEDIUM

Dell Secure Connect Gateway 5.18.00.20-5.22.00.18 - Improper Access Control in REST APIs

CVE-2024-28967 MEDIUM

Dell Secure Connect Gateway 5.18.00.20-5.22.00.18 - Improper Access Control in Internal Maintenance REST API

CVE-2024-28966 MEDIUM

Dell Secure Connect Gateway 5.18.00.20-5.22.00.18 - Improper Access Control in Internal Update REST API

CVE-2024-28965 MEDIUM

Dell Secure Connect Gateway 5.18.00.20-5.22.00.18 - Improper Access Control via Internal Enable REST API

CVE-2024-34112 HIGH

ColdFusion <2023u7, 2021u13 - Info Disclosure

CVE-2024-34107 MEDIUM

Adobe Commerce <2.4.7 - Privilege Escalation

CVE-2024-26029 HIGH

Adobe Experience Manager < 6.5.21 and < 2024.5 - Security Feature Bypass via Improper Access Control

CVE-2024-5840 MEDIUM

Google Chrome < 126.0.6478.54 - CORS Policy Bypass via Crafted HTML Page

CVE-2024-29060 MEDIUM

Visual Studio 2017 15.0-15.9.62, 2019 16.0-16.11.36, 2022 17.4-17.4.19 - Elevation of Privilege

CVE-2024-5687 MEDIUM

Firefox for Android - Info Disclosure

CVE-2024-37289 HIGH

Trend Micro Apex One < 14.0.13139 and 14.0 < 14.0.0.12980 - Privilege Escalation

CVE-2024-27855 HIGH

macOS Sonoma <14.5 - Info Disclosure

CVE-2024-27819 LOW

iPadOS < 17.5 - Unauthenticated Contacts Access from Lock Screen

CVE-2024-27792 MEDIUM

macOS Sonoma <14.4 - Info Disclosure

CVE-2024-37568 HIGH

Authlib < 1.3.1 - Algorithm Confusion in JWT Verification

CVE-2024-30481 MEDIUM

JCH Optimize < 4.0.0 - Broken Access Control

CVE-2024-22074 CRITICAL

Dynamsoft Service - Incorrect Access Control

CVE-2024-36399 HIGH

kanboard < 1.2.37 - Improper Access Control in ProjectPermissionController

CVE-2024-0972 MEDIUM

BuddyPress Members Only <3.3.5 - Info Disclosure

CVE-2024-28818 MEDIUM

Samsung Exynos 980 Firmware - Improper Access Control

Previous Page 104 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy