CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,075 vulnerabilities with CWE-284
CVE-2026-41837
MEDIUM
Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
CVSS 5.3
CVE-2026-41728
HIGH
Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
CVSS 7.5
CVE-2026-47907
HIGH
Dreamweaver Desktop | Improper Access Control (CWE-284)
CVSS 8.2
CVE-2026-39169
HIGH
SEMCMS 5.0 - Unauthenticated Improper Access Control in SEMCMS_copy.php
CVSS 7.5
CVE-2026-36720
HIGH
bookcars 8.3 - Authenticated Privilege Escalation via User Type Modification
CVSS 8.1
CVE-2026-49161
HIGH
Microsoft PC Manager Security Feature Bypass Vulnerability
CVSS 7.8
CVE-2026-48578
HIGH
Microsoft Windows 10 Version 1607 - Secure Boot Security Feature Bypass Vulnerability
CVSS 7.9
CVE-2026-45658
HIGH
Microsoft Windows 10 Version 1607 - Windows BitLocker Security Feature Bypass Vulnerability
CVSS 7.8
CVE-2026-45654
HIGH
Microsoft Windows 11 Version 24H2 - Secure Boot Security Feature Bypass Vulnerability
CVSS 7.9
CVE-2026-45649
HIGH
Microsoft Excel for Android - Office for Android Spoofing Vulnerability
CVSS 7.1
CVE-2026-42829
HIGH
Microsoft Windows 11 Version 24H2 - Windows Administrator Protection Secure Feature Bypass Vulnerability
CVSS 7.8
CVE-2026-41092
HIGH
Microsoft Kinect Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-49938
MEDIUM
Fortinet FortiPortal - Improper Access Control
CVSS 6.5
CVE-2026-41985
MEDIUM
Huawei HarmonyOS - Improper Access Control
CVSS 5.1
CVE-2026-41984
MEDIUM
Huawei HarmonyOS - Improper Access Control
CVSS 5.2
CVE-2026-41847
MEDIUM
Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
CVSS 4.8
CVE-2026-41006
HIGH
Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
CVSS 7.5
CVE-2026-11621
MEDIUM
Dcat-Admin User Setting upload editorMDUpload unrestricted upload
CVSS 4.7
CVE-2026-11532
MEDIUM
imvks786 student_management_system Student Record add.php access control
CVSS 6.3
CVE-2026-46441
CRITICAL
Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment
CVSS 9.6
CVE-2026-42863
HIGH
Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment
CVSS 8.1
CVE-2026-42862
MEDIUM
Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment
CVSS 5.0
CVE-2026-42861
CRITICAL
Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
CVSS 9.6
CVE-2026-11474
HIGH
Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload
CVSS 7.3
CVE-2026-11466
MEDIUM
zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
CVSS 5.4