CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,080 vulnerabilities with CWE-284
CVE-2026-34082 MEDIUM
Dify has IDOR in deleting someone else's chat conversation
CVSS 4.3
CVE-2026-33031 HIGH
Nginx-UI: Disabled users retain full API access through previously issued bearer tokens
CVSS 8.1
CVE-2026-6650 MEDIUM
Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload
CVSS 4.7
CVE-2026-6602 HIGH
rickxy Hospital Management System his_admin_account.php unrestricted upload
CVSS 7.3
CVE-2026-6596 HIGH
langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
CVSS 7.3
CVE-2026-6561 MEDIUM
EyouCMS Index.php edit_adminlogo unrestricted upload
CVSS 4.7
CVE-2026-40474 HIGH
wger has Broken Access Control in the Global Gym Configuration Update Endpoint
CVSS 7.6
CVE-2026-40304 MEDIUM
zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
CVSS 5.3
CVE-2026-35402 LOW
mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
CVE-2026-6492 MEDIUM
arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
CVSS 5.3
CVE-2026-6489 MEDIUM
QueryMine sms Background Management addteacher.php unrestricted upload
CVSS 6.3
CVE-2026-37100 MEDIUM
Yamaha SR-B30A 2.40 - Unauthenticated Bluetooth Low Energy Connection via Sound Bar Remote Protocol
CVSS 6.5
CVE-2026-31843 CRITICAL
goodoneuz/pay-uz <= 2.2.24 - Unauthenticated Remote Code Execution via Payment API Endpoint
CVSS 9.8
CVE-2026-6313 LOW
Google Chrome <147.0.7727.101 - Info Disclosure
CVSS 3.1
CVE-2026-6312 LOW
Google Chrome <147.0.7727.101 - Info Disclosure
CVSS 3.1
CVE-2026-33212 LOW
Weblate: Improper access control for pending tasks in API
CVSS 3.1
CVE-2026-30994 HIGH
Slah <= 1.5.0 - Unauthenticated Sensitive Data Exposure via config.php
CVSS 7.5
CVE-2026-20203 MEDIUM
Improper Access Control in Data Model Acceleration in Splunk Enterprise
CVSS 4.3
CVE-2026-33103 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-32220 MEDIUM
UEFI Secure Boot Security Feature Bypass Vulnerability
CVSS 4.4
CVE-2026-32214 MEDIUM
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-27914 HIGH
Microsoft Management Console Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-26183 HIGH
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-22692 MEDIUM
October CMS: Twig Sandbox Bypass via Collection Methods
CVSS 4.9
CVE-2026-22566 HIGH
UniFi Play PowerAmp <1.0.38 - Info Disclosure
CVSS 7.5