Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-31967 CRITICAL

Mitel <6.3.3 - Privilege Escalation

CVE-2024-31964 HIGH

Mitel 6800/6900 Series SIP Phones <=6.3 SP3 HF4, 6900w <=6.3.3, 6970 <=5.1.1 SP8 - Auth Bypass & DoS

CVE-2024-33393 MEDIUM

spidernet-io spiderpool <0.9.3 - RCE

CVE-2024-22830 MEDIUM

Anti-Cheat Expert's Windows kernel module <1.0.2202.6217 - Privileg...

CVE-2024-32973 MEDIUM

Pluto >= 0.9.0 < 0.9.3 - TLS Certificate Validation Bypass

CVE-2024-28978 MEDIUM

Dell OpenManage Enterprise 3.10 and 4.0 - Improper Access Control

CVE-2024-3746 MEDIUM

ScadaPro Server - Unauthenticated Arbitrary File Write via Default Directory Permissions

CVE-2024-4225 HIGH

NetGuardian DIN RTU - Privilege Escalation, XSS, CSRF

CVE-2024-33260 MEDIUM

Jerryscript - Denial of Service via Parser Class Parsing

CVE-2024-4198 LOW

Mattermost 8.1.0-8.1.11 9.5.0-9.5.2 9.6.0 - Authenticated Role Demotion via Crafted HTTP Requests

CVE-2024-4195 LOW

Mattermost 8.1.0-8.1.11 9.5.0-9.5.2 - Authenticated Role Escalation via Crafted HTTP Requests

CVE-2024-33673 HIGH

Veritas Backup Exec < 23.0 - DLL Hijacking via Windows DLL Search Path

CVE-2024-33666 HIGH

Zammad < 6.3.0 - Unauthorized Time Accounting Data Access via API

CVE-2024-23271 MEDIUM

Safari < 17.3 - Improper Access Control

CVE-2024-27348 CRITICAL KEV

Apache HugeGraph-Server - Remote Command Execution

CVE-2024-22811 HIGH

Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 - DoS

CVE-2024-22807 MEDIUM

PathPilot Controller 2.9.6 - Improper Access Control

CVE-2024-32418 CRITICAL

flusity CMS 2.33 - Remote Code Execution via add_addon.php

CVE-2024-31846 HIGH

Italtel Embrace <1.6.4 - Info Disclosure

CVE-2024-30107 LOW

HCL Connections - Improper Access Control

CVE-2024-31503 HIGH

Dolibarr ERP CRM < 19.0.1 - Authenticated Session Cookie and CSRF Token Theft via Crafted Web Page

CVE-2024-31759 HIGH

PublicCMS <4.0.202302.e - Privilege Escalation

CVE-2024-21115 HIGH

Oracle VM VirtualBox < 7.0.16 - Authenticated Remote Code Execution

CVE-2024-21114 HIGH

Oracle VM VirtualBox < 7.0.16 - Authenticated Privilege Escalation in Core Component

CVE-2024-21113 HIGH

Oracle VM VirtualBox < 7.0.16 - Authenticated Privilege Escalation in Core Component

Previous Page 107 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy