CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284
CVE-2026-7686 MEDIUM
eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control
CVSS 5.3
CVE-2026-7673 MEDIUM
crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload
CVSS 4.7
CVE-2026-37526 HIGH
AGL app-framework-binder <19.90.0 - Privilege Escalation
CVSS 7.8
CVE-2026-7578 MEDIUM
MacCMS Pro Plugin Installation add.html install unrestricted upload
CVSS 4.7
CVE-2026-2311 MEDIUM
IBM i Web Administration GUI - Privilege Escalation
CVSS 6.4
CVE-2026-40904 HIGH
Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks
CVSS 8.1
CVE-2026-40603 MEDIUM
Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override
CVSS 6.5
CVE-2026-40595 HIGH
Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks
CVSS 7.5
CVE-2026-7468 HIGH
1024-lab smart-admin Demo Site index.html access control
CVSS 7.3
CVE-2026-7393 MEDIUM
SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload
CVSS 4.7
CVE-2026-5141 HIGH
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
CVSS 8.8
CVE-2026-5780 HIGH
MphRx Minerva 3.6.0 moUser show Endpoint - Authenticated IDOR
CVSS 8.1
CVE-2026-5779 HIGH
MphRx Minerva 3.6.0 - Authenticated User Profile IDOR
CVSS 8.8
CVE-2026-7238 MEDIUM
code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload
CVSS 4.7
CVE-2026-40966 MEDIUM
VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
CVSS 5.9
CVE-2026-7134 MEDIUM
code-projects Online Lot Reservation System edithousepic.php unrestricted upload
CVSS 4.7
CVE-2026-7133 MEDIUM
code-projects Online Lot Reservation System activity.php unrestricted upload
CVSS 4.7
CVE-2026-7107 MEDIUM
code-projects Invoice System in Laravel company unrestricted upload
CVSS 6.3
CVE-2026-7044 MEDIUM
GreenCMS index.php themeadd unrestricted upload
CVSS 6.3
CVE-2026-7043 MEDIUM
GreenCMS index.php pluginAddLocal unrestricted upload
CVSS 6.3
CVE-2026-7041 LOW
666ghj MiroFish Werkzeug Debugger PIN console information disclosure
CVSS 3.7
CVE-2026-7021 LOW
SmythOS sre Connector Service utils.ts information disclosure
CVSS 3.5
CVE-2026-33318 HIGH
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
CVSS 8.8
CVE-2026-29197 MEDIUM
Rocket.Chat < 8.4.0 Authenticated Improper Access Control via Apps-Engine Logs Endpoint
CVSS 4.3
CVE-2026-24303 CRITICAL
Microsoft Partner Center Elevation of Privilege Vulnerability
CVSS 9.6