Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-26203 HIGH

Azure Data Studio < 1.48.0 - Elevation of Privilege

CVE-2024-26201 MEDIUM

Microsoft Intune Company Portal < 1.2402.12 - Elevation of Privilege

CVE-2024-21436 HIGH

Windows 10 1507-22H2 and Windows 11 21H2 - Elevation of Privilege via Windows Installer

CVE-2024-21418 HIGH

Software for Open Networking in the Cloud 202012-20201231.96 - Elevation of Privilege

CVE-2024-21483 MEDIUM

SENTRON 7KM PAC3120 AC/DC, SENTRON 7KM PAC3120 DC, SENTRON 7KM PAC3...

CVE-2024-21805 HIGH

SKYSEA Client View 16.100.06f-19.2 - Authenticated Arbitrary File Write and Privilege Escalation via DLL Placement

CVE-2024-28120 MEDIUM

codeium-chrome - Unauthenticated API Key Theft via Unvalidated External Message

CVE-2024-25501 HIGH

WinMail < 5.1 and < 7.1 - Remote Code Execution via Email Parameter

CVE-2024-2281 MEDIUM

boyiddha Automated-Mess-Management-System 1.0 - Improper Access Control in Setting Handler

CVE-2024-23267 MEDIUM

macOS 12.0.0-12.7.3, 13.0.0-13.6.4, 14.0.0-14.3 - Privacy Preference Bypass via Improper Access Control

CVE-2024-23266 MEDIUM

macOS < 12.7.4, < 13.6.5, < 14.4 - Unauthorized File System Modification

CVE-2024-23238 LOW

macOS < 14.4 - Unauthorized NVRAM Variable Modification

CVE-2024-0258 HIGH

iPadOS < 17.4 - Arbitrary Code Execution via Improper Access Control

CVE-2024-28115 HIGH

FreeRTOS < 10.6.2 - Local Privilege Escalation via Return Oriented Programming

CVE-2024-1898 MEDIUM

Devolutions Server < 2024.1.0 - Improper Access Control in Notification Feature

CVE-2024-1478 MEDIUM

Maintenance Mode <= 3.0.1 - Unauthenticated Sensitive Information Exposure via REST API

CVE-2024-1088 MEDIUM

Password Protected Store for WooCommerce <1.9 - Info Disclosure

CVE-2024-20036 MEDIUM

Android - Local Information Disclosure via vdec Permission Bypass

CVE-2024-0795 HIGH

AnythingLLM < 1.0.0 - Authenticated Privilege Escalation via User Creation

CVE-2024-21767 CRITICAL

Commend WS203VICM < 1.7 - Improper Access Control

CVE-2024-27497 HIGH

Linksys E2000 1.0.06 position.js Improper Authentication

CVE-2024-1942 MEDIUM

Mattermost <8.1.9, <9.2.5, 9.3.0 - Info Disclosure

CVE-2024-1888 MEDIUM

Mattermost <8.1.9 and 9.4.0-9.4.2 - Improper Access Control in Guest Invitation

CVE-2024-23488 LOW

Mattermost < 8.1.9 and 9.0.0-9.4.2 - Improper Access Control in Archived Channel File Attachments

CVE-2024-1887 MEDIUM

Mattermost < 8.1.9 and 9.3.0-9.3.1 - Improper Access Control in Public Channel Post Fetching

Previous Page 111 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy