Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284

CVE-2026-41277 HIGH

Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

CVE-2026-41270 HIGH

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

CVE-2026-41243 MEDIUM

OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

CVE-2026-41166 HIGH

OpenRemote has Improper Access Control via updateUserRealmRoles function

CVE-2026-31192 MEDIUM

Raindrop.io Bookmark Manager Web App 5.6.76.0 - Info Disclosure

CVE-2026-22754 HIGH

ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

CVE-2026-35252 MEDIUM

Oracle Security Service 12.2.1.4.0 - Privilege Escalation

CVE-2026-35251 HIGH

Oracle VM VirtualBox 7.2.6 - Privilege Escalation

CVE-2026-35250 LOW

Oracle VM VirtualBox 7.2.6 - Authenticated Partial Denial of Service

CVE-2026-35249 LOW

Oracle VM VirtualBox 7.2.6 - Privilege Escalation

CVE-2026-35248 MEDIUM

Oracle VM VirtualBox 7.2.6 - Authenticated Unauthorized Data Access and Partial Denial of Service

CVE-2026-35247 MEDIUM

Oracle VM VirtualBox 7.2.6 - Privilege Escalation

CVE-2026-35246 HIGH

Oracle VM VirtualBox 7.2.6 - Privilege Escalation

CVE-2026-35245 HIGH

Oracle VM VirtualBox 7.2.6 - Unauthenticated Denial of Service via RDP

CVE-2026-35244 MEDIUM

Oracle Hyperion Infrastructure Technology 11.2.24.0.000 - Privilege Escalation

CVE-2026-35243 HIGH

Oracle ADF 12.2.1.4.0 - Privilege Escalation

CVE-2026-35242 HIGH

Oracle VM VirtualBox 7.2.6 - Privilege Escalation

CVE-2026-35241 MEDIUM

Oracle PeopleSoft Enterprise CS Student Records 9.2 - Info Disclosure

CVE-2026-35240 MEDIUM

MySQL Server 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Authenticated Denial of Service in Server Optimizer

CVE-2026-35239 MEDIUM

MySQL Server 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Authenticated Denial of Service in Server: DML

CVE-2026-35238 MEDIUM

MySQL Server 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Authenticated Denial of Service in InnoDB

CVE-2026-35237 MEDIUM

MySQL Server 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Authenticated Denial of Service in InnoDB

CVE-2026-35236 MEDIUM

MySQL Server 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Authenticated Denial of Service in InnoDB

CVE-2026-35235 MEDIUM

MySQL Server 9.0.0-9.6.0 - Authenticated Denial of Service in GIS Component

CVE-2026-35234 MEDIUM

MySQL Server 9.0.0-9.6.0 - Authenticated Denial of Service in Server Partition Component

Previous Page 12 of 203 Next

Details

Vulnerabilities 5,075

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy