Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-21666 MEDIUM

pimcore customer_management_framework < 4.0.6 - Authenticated Improper Access Control in Duplicates Endpoint

CVE-2024-21665 MEDIUM

Pimcore E-Commerce Framework < 1.0.10 - Authenticated Improper Access Control in Admin Order List

CVE-2024-0358 MEDIUM

DeShang DSO2O < 4.1.0 - Improper Access Control in /install/install.php

CVE-2024-0356 MEDIUM

Mandelo ssm_shiro_blog 1.0 - Improper Access Control in Backend updateRoles

CVE-2024-20657 HIGH

Windows Group Policy - Privilege Escalation

CVE-2024-21644 HIGH

pyload < 0.5.0b3.dev77 - Unauthenticated Information Exposure via Flask Config Endpoint

CVE-2024-22216 CRITICAL

Microchip maxView Storage Manager - Info Disclosure

CVE-2023-24215 CRITICAL

NOVUS AirGate 4G 1.1.16 - Info Disclosure

CVE-2023-38005 MEDIUM

IBM Cloud Pak System 2.3.3.6-2.3.5.0 - Privilege Escalation

CVE-2023-32238 MEDIUM

CodexThemes TheGem <5.8.1.1 - Info Disclosure

CVE-2023-37749 MEDIUM

HubSpot v1.29441 - Unauthenticated Improper Access Control via REST API Endpoint

CVE-2023-50300 MEDIUM

IBM Transformation Extender Advanced 10.0.1 - Improper Access Control

CVE-2023-29113 MEDIUM

Volkswagen MIB3 <0304 - Improper Access Control via IPC

CVE-2023-28907 MEDIUM

Volkswagen MIB3 infotainment system MIB3 OI MQB <0304 - Improper Access Control via CPU Core Memory Isolation Bypass

CVE-2023-47031 CRITICAL

NCR Terminal Handler 1.5.1 - Privilege Escalation via grantRolesToUsers SOAP API

CVE-2023-47294 HIGH

NCR Terminal Handler 1.5.1 - Authenticated Arbitrary User Account Deactivation via Session Cookie

CVE-2023-47297 CRITICAL

NCR Terminal Handler 1.5.1 - Improper Access Control

CVE-2023-42969 LOW

iPadOS < 16.7 - Sandbox Escape via Cache Handling

CVE-2023-52972 MEDIUM

Huawei yutufz-5651s1_senaryaudio - Improper Access Control via SDDL Permission Check Bypass

CVE-2023-47539 CRITICAL

FortiMail 7.4.0 - Unauthenticated Admin Login Bypass via Crafted HTTP Request

CVE-2023-34404 MEDIUM

Mercedes-Benz Head-Unit NTG6 - Unauthenticated Command Injection via Ethernet Port Access

CVE-2023-34403 MEDIUM

Mercedes-Benz Head-Unit NTG6 < 2021 - Unauthenticated Unprotected User Data Exposure via Ethernet Backup Spoofing

CVE-2023-29164 HIGH

Intel Server Board - Privilege Escalation

CVE-2023-52164 MEDIUM

Digiever DS-2105 Pro <3.1.0.71-11 - Info Disclosure

CVE-2023-51644 HIGH

Allegra < 7.5.1 - Unauthenticated Remote Code Execution via Struts Improper Access Control

Previous Page 116 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy