Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,306 vulnerabilities with CWE-284

CVE-2023-50343 HIGH

HCL DRYiCE MyXalytics - Authenticated Improper Access Control via Controller APIs

CVE-2023-50341 HIGH

HCL DRYiCE MyXalytics - Improper Access Control via Obsolete Web Pages

CVE-2023-50333 LOW

Mattermost < 8.1.7 - Improper Access Control via Session Permission Update

CVE-2023-47858 MEDIUM

Mattermost < 8.1.7, < 7.8.10 - Improper Access Control via Archived Public Channel Endpoint

CVE-2023-7193 MEDIUM

MTab Bookmark < 1.2.6 - Improper Access Control in Installation Component

CVE-2023-50928 HIGH

awslabs_sandbox_accounts_for_events < 1.1.0 - Authenticated Improper Access Control via Non-Existent Event ID

CVE-2023-49791 MEDIUM

Nextcloud Server 23.0.0-23.0.12.12, 26.0.0-26.0.8 - Improper Access Control via API Bypass

CVE-2023-51661 HIGH

Wasmer <4.2.4 - Privilege Escalation

CVE-2023-7055 MEDIUM

PHPGurukul Online Notes Sharing System 1.0 - Improper Access Control via Profile Mobile Number Parameter

CVE-2023-50783 MEDIUM

Apache Airflow < 2.8.0 - Authenticated Unauthorized Variable Modification

CVE-2023-7025 HIGH

KylinSoft hedron-domain-hook < 3.8.0.12-0k0.5 - Improper Access Control in DBus Handler

CVE-2023-51390 MEDIUM

journalpump <2.5.0 - Info Disclosure

CVE-2023-50706 MEDIUM

efacec UC_500E Firmware - Unauthenticated Sensitive Information Exposure via Memory Dump

CVE-2023-6930 CRITICAL

EuroTel ETL3100 v01c01 and v01x37 - Unauthenticated Sensitive Information Disclosure via Configuration and Log Download

CVE-2023-51384 MEDIUM

OpenSSH <9.6 - Privilege Escalation

CVE-2023-48441 MEDIUM

Adobe Experience Manager <6.5.18 - Info Disclosure

CVE-2023-21751 MEDIUM

Azure DevOps Server - Open Redirect

CVE-2023-50440 MEDIUM

PRIMX ZED! ZEDMAIL ZONECENTRAL ZEDFREE ZEDPRO < 2023.5 - Unauthenticated Access Control Bypass via UNC Injection

CVE-2023-6773 MEDIUM

CodeAstro POS and Inventory Management System 1.0 - Improper Access Control via User Creation Handler

CVE-2023-6761 MEDIUM

IceCMS <= 2.0.1 - Improper Access Control in User Data Handler

CVE-2023-6758 MEDIUM

Thecosy IceCMS 2.0.1 - Improper Access Control in PlanetCommentList API

CVE-2023-47325 MEDIUM

Silverpeas < 6.3.2 - Broken Access Control in Administrative Bin Feature

CVE-2023-47536 LOW

FortiOS/FortiProxy Unauthenticated Firewall Policy Bypass via GeoIP Update Timing

CVE-2023-47579 HIGH

Relyum RELY-PCIe 22.2.1 - Unauthenticated Password Hash Exposure via System Group Misconfiguration

CVE-2023-6547 LOW

Mattermost < 8.1.5 - Improper Access Control in Playbook Team Membership Validation

Previous Page 122 of 213 Next

Details

Vulnerabilities 5,306

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy