CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,080 vulnerabilities with CWE-284
CVE-2026-5670 MEDIUM
Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload
CVSS 6.3
CVE-2026-34444 CRITICAL
Lupa <=2.6 getattr and setattr - Sandbox Escape
CVSS 10.0
CVE-2026-31150 MEDIUM
Kaleris YMS 7.2.2.1 - Incorrect Access Control
CVSS 4.3
CVE-2026-5601 MEDIUM
Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure
CVSS 5.3
CVE-2026-5585 MEDIUM
Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
CVSS 5.3
CVE-2026-5576 MEDIUM
SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload
CVSS 4.7
CVE-2026-5573 HIGH
Technostrobe HI-LED-WR120-G2 fs unrestricted upload
CVSS 7.3
CVE-2026-5571 MEDIUM
Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure
CVSS 5.3
CVE-2026-5569 HIGH
Technostrobe HI-LED-WR120-G2 Endpoint access control
CVSS 7.3
CVE-2026-5546 MEDIUM
Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
CVSS 6.3
CVE-2026-5526 HIGH
Tenda 4G03 Pro httpd access control
CVSS 7.3
CVE-2026-35616 CRITICAL KEV
Fortinet FortiClientEMS 7.4.5-7.4.6 - Command Injection
CVSS 9.8
CVE-2026-5484 MEDIUM
BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
CVSS 5.3
CVE-2026-5472 MEDIUM
ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload
CVSS 6.3
CVE-2026-5413 LOW
Newgen OmniDocs GetWebApiConfiguration information disclosure
CVSS 3.7
CVE-2026-33951 HIGH
signalk-server: Unauthenticated Source Priorities Manipulation
CVSS 7.5
CVE-2026-2699 CRITICAL
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
CVSS 9.8
CVE-2026-5330 MEDIUM
SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
CVSS 6.5
CVE-2026-34572 HIGH
CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
CVSS 8.8
CVE-2026-34570 HIGH
CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
CVSS 8.8
CVE-2026-5312 MEDIUM
D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control
CVSS 5.3
CVE-2026-5311 MEDIUM
D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control
CVSS 5.3
CVE-2026-34456 CRITICAL
Reviactyl: OAuth account takeover via auto-linking
CVSS 9.1
CVE-2026-23899 HIGH
Joomla! Core - [20260306] - Improper access check in webservice endpoints
CVSS 8.8
CVE-2026-21629 HIGH
Joomla! Core - [20260301] - ACL hardening in com_ajax
CVSS 7.3