Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-3164 MEDIUM

dotcms - Improper Access Control in System Maintenance Portlet

CVE-2024-28405 HIGH

SEMCMS 4.8 - Unauthenticated Incorrect Access Control via Early SEMCMS_Funtion.php Installation

CVE-2024-28960 HIGH

Mbed TLS 2.18.0-2.28.x < 2.28.8 and 3.x < 3.6.0 and Mbed Crypto - Improper Access Control in PSA Crypto API

CVE-2024-28016 MEDIUM

NEC Aterm Firmware - Unauthenticated Information Disclosure via Improper Access Control

CVE-2024-25962 HIGH

Dell InsightIQ 5.0 - Unauthorized Access to Monitoring Data

CVE-2024-25736 HIGH

WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated Denial of Service via Reboot Endpoint

CVE-2024-29866 CRITICAL

Datalust Seq <2023.4.11151, <2024.1.11146 - Privilege Escalation

CVE-2024-25811 MEDIUM

Dreamer CMS 4.0.1 - Unauthenticated Sensitive Information Exposure via Backup File Download

CVE-2024-1473 MEDIUM

Coming Soon & Maintenance Mode - Info Disclosure

CVE-2024-1144 MEDIUM

Devklan's Alma Blog <2.1.10 - Info Disclosure

CVE-2024-20767 HIGH KEV

CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read

CVE-2024-2481 MEDIUM

Surya2Developer Hostel Management System 1.0 - Info Disclosure

CVE-2024-28390 CRITICAL

Advanced Plugins ultimateimagetool < 2.2.01 - Improper Access Control

CVE-2024-25653 MEDIUM

Delinea Secret Server 11.4 - Broken Access Control in Report Functionality

CVE-2024-20322 MEDIUM

Cisco IOS XR - Unauthenticated ACL Bypass via Pseudowire Interface

CVE-2024-20319 MEDIUM

Cisco IOS XR - Unauthenticated Management Plane Protection Bypass via SNMP UDP Forwarding

CVE-2024-20315 MEDIUM

Cisco IOS XR Software 7.9.1 7.9.2 7.10.1 - Unauthenticated ACL Bypass via MPLS Interface

CVE-2024-1668 MEDIUM

Avada | Website Builder For WordPress & WooCommerce <7.11.5 - Info ...

CVE-2024-1462 MEDIUM

Maintenance Page <1.0.8 - Info Disclosure

CVE-2024-1370 MEDIUM

Maintenance Page <= 1.0.8 - Authenticated Unauthorized Data Access via subscribe_download AJAX Action

CVE-2024-0687 MEDIUM

Restrict User Access - Info Disclosure

CVE-2024-0631 MEDIUM

Duitku Payment Gateway <2.11.4 - Info Disclosure

CVE-2024-0377 MEDIUM

LifterLMS < 7.5.1 - Unauthenticated Unrestricted Review Publication via Missing Capability Check

CVE-2024-0369 MEDIUM

Bulk Edit Post Titles < 5.0.0 - Authenticated Arbitrary Post Title Modification via Missing Capability Check

CVE-2024-28338 HIGH

TOTOLINK A8000RU V7.1cu.643_B20200521 - Unauthenticated Login Bypass via Session Cookie

Previous Page 110 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy