Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-24496 CRITICAL

Daily Habit Tracker 1.0 - Unauthenticated Tracker Manipulation via Home and Tracker Management Endpoints

CVE-2024-0965 MEDIUM

Simple Page Access Restriction <1.0.21 - Info Disclosure

CVE-2024-24824 HIGH

Graylog 2.0.0-5.1.10 - Authenticated Remote Code Execution via Cluster Config Endpoint

CVE-2024-24771 HIGH

Open Forms <2.2.9-2.5.2 - Auth Bypass

CVE-2024-23447 MEDIUM

Elastic Network Drive Connector < 8.12.1 - Improper Access Control via Document Level Security

CVE-2024-23446 MEDIUM

Kibana 8.0.0-8.12.0 - Improper Access Control in Detection Engine Search API

CVE-2024-1092 MEDIUM

RSS Aggregator by Feedzy < 4.4.1 - Authenticated Unauthorized Data Modification via Missing Capability Check

CVE-2024-0969 MEDIUM

ARMember < 4.0.24 - Unauthenticated Sensitive Information Exposure via REST API

CVE-2024-0374 MEDIUM

Views for WPForms <= 3.2.2 - Unauthenticated CSRF via 'create_view'

CVE-2024-0373 MEDIUM

Views for WPForms < 3.2.2 - Cross-Site Request Forgery via 'save_view' Function

CVE-2024-0371 MEDIUM

Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via create_view Function

CVE-2024-0370 MEDIUM

Views for WPForms < 3.2.2 - Authenticated Unauthorized Data Modification via Missing Capability Check

CVE-2024-0366 MEDIUM

Starbox < 3.4.7 - Insecure Direct Object Reference via Action Function

CVE-2024-0324 HIGH

User Profile Builder < 3.10.8 - Unauthenticated Two-Factor Authentication Settings Modification

CVE-2024-22202 MEDIUM

phpMyFAQ < 3.2.5 - Improper Access Control via User Removal Request Spoofing

CVE-2024-1114 MEDIUM

openBI < 1.0.8 - Improper Access Control via dlfile Function

CVE-2024-24566 MEDIUM

lobehub/lobe_chat < 0.122.4 - Unauthenticated Plugin Access via Improper Access Control

CVE-2024-21653 MEDIUM

vantage6 < 4.2.0 - Improper Access Control via Default SSH Configuration

CVE-2024-1011 MEDIUM

SourceCodester Employee Management System 1.0 - Improper Access Control in Leave Handler

CVE-2024-0212 HIGH

Cloudflare WordPress Plugin < 4.12.3 - Improper Access Control

CVE-2024-20263 MEDIUM

Cisco Business 250-350 Series - Auth Bypass

CVE-2024-0810 MEDIUM

Google Chrome <121.0.6167.85 - Info Disclosure

CVE-2024-23675 MEDIUM

Splunk Cloud < 9.1.2312.100 and Splunk Enterprise 9.0.0-9.0.8 - Improper Access Control in KV Store REST API

CVE-2024-23681 HIGH

Artemis Java Test Sandbox < 1.11.2 - Sandbox Escape via Untrusted Library Loading

CVE-2024-23331 HIGH

vite 2.7.0-2.9.17 - Improper Access Control via Case-Insensitive Filesystem Bypass

Previous Page 114 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy