Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,080 vulnerabilities with CWE-284

CVE-2026-34291 HIGH

Oracle HTTP Server 12.2.1.4.0 - Privilege Escalation

CVE-2026-34287 CRITICAL

Oracle Identity Manager Connector 12.2.1.4.0 - Unauthenticated Data Manipulation

CVE-2026-34284 MEDIUM

Oracle BPM Suite 12.2.1.4.0 and 14.1.2.0.0 - Unauthorized Data Access

CVE-2026-34283 MEDIUM

Oracle Identity Manager 12.2.1.4.0 and 14.1.2.0.0 - Unauthorized Data Access

CVE-2026-34277 MEDIUM

PeopleSoft Enterprise PeopleTools 8.61-8.62 - Authenticated Improper Access Control in Fluid Core

CVE-2026-34274 MEDIUM

Oracle Configurator 12.2.3-12.2.15 - Unauthorized Data Access

CVE-2026-34269 MEDIUM

Oracle PeopleSoft PeopleTools 8.61-8.62 Portal - Unauthorized Data Access

CVE-2026-22019 MEDIUM

Oracle PeopleSoft HCM Shared Components 9.2 - Unauthorized Data Access

CVE-2026-22014 LOW

Oracle User Management 12.2.7-12.2.15 - Privilege Escalation

CVE-2026-22011 HIGH

Oracle Applications DBA 12.2.3-12.2.15 - Privilege Escalation

CVE-2026-22010 HIGH

Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9 - Info Disclosure

CVE-2026-21997 HIGH

Oracle Life Sciences Empirica Signal 9.2.1-9.2.3 - Unauthorized Data Modification

CVE-2026-40889 MEDIUM

Frappe HR has Improper Access Control on Files

CVE-2026-40888 MEDIUM

Frappe HR vulnerable to Improper Access Control

CVE-2026-40874 MEDIUM

mailcow: dockerized missing authorization on Forwarding Hosts delete action

CVE-2026-40867 HIGH

Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

CVE-2026-40866 HIGH

Horilla: Unauthorized Document Overwrite via File Upload Endpoint

CVE-2026-40865 HIGH

Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>

CVE-2026-40569 CRITICAL

FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

CVE-2026-30452 MEDIUM

Textpattern CMS 4.9.0 - Privilege Escalation

CVE-2026-40498 CRITICAL

FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

CVE-2026-31018 HIGH

Dolibarr ERP & CRM <=22.0.4 - Code Injection

CVE-2026-29644 MEDIUM

XiangShan - Improper Access Control via Distributed CSR Write-Enable Path

CVE-2026-39386 HIGH

Neko has Self-service Privilege Escalation for Authenticated Users

CVE-2026-35570 HIGH

OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal

Previous Page 14 of 204 Next

Details

Vulnerabilities 5,080

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy