Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,080 vulnerabilities with CWE-284

CVE-2026-1879 MEDIUM

Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

CVE-2026-5261 HIGH

Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload

CVE-2026-4947 HIGH

Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

CVE-2026-5215 MEDIUM

D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

CVE-2026-34733 MEDIUM

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

CVE-2026-34381 HIGH

Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

CVE-2026-33415 LOW

Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

CVE-2026-5181 MEDIUM

SourceCodester Simple Doctors Appointment System ajax.php unrestricted upload

CVE-2026-21711 MEDIUM

Node.js 25.x - Privilege Escalation

CVE-2026-29872 HIGH

awesome-llm-apps e46690f - Info Disclosure

CVE-2026-5124 LOW

osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

CVE-2026-29597 MEDIUM

DDSN Interactive Acora CMS 10.7.1 - Info Disclosure

CVE-2026-5122 LOW

osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

CVE-2026-5107 MEDIUM

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

CVE-2026-5003 MEDIUM

PromtEngineer localGPT Web api_server.py handle_index information disclosure

CVE-2026-5001 HIGH

PromtEngineer localGPT server.py do_POST unrestricted upload

CVE-2026-31950 MEDIUM

LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

CVE-2026-30689 HIGH

blog.admin <= 8.0 - Sensitive Data Exposure via getinfobytoken API

CVE-2026-33890 CRITICAL

MyTube <1.8.71 Passkey Registration - Admin Privilege Escalation

CVE-2026-33726 MEDIUM

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

CVE-2026-0748 MEDIUM

Access bypass in Drupal 7 i18n_node translation UI

CVE-2026-33622 HIGH

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

CVE-2026-4875 MEDIUM

itsourcecode Free Hotel Reservation System index.php unrestricted upload

CVE-2026-4830 MEDIUM

kalcaddle kodbox Public Share userShare.class.php add privilege escalation

CVE-2026-4823 LOW

Enter Software Iperius Backup NTLM2 information disclosure

Previous Page 18 of 204 Next

Details

Vulnerabilities 5,080

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy