CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,085 vulnerabilities with CWE-284
CVE-2026-33309
CRITICAL
Langflow 1.2.0-1.8.1 v2 File Upload - Arbitrary File Write
CVSS 9.9
CVE-2026-32299
HIGH
Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
CVSS 7.5
CVE-2026-0898
CRITICAL
Pega Browser Extension for Pega Robot Studio 22.1 and R25 - Arbitrary File Write
CVE-2026-33478
CRITICAL
AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection
CVSS 10.0
CVE-2026-4586
MEDIUM
CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload
CVSS 6.3
CVE-2026-4628
MEDIUM
Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control
CVSS 4.3
CVE-2026-4536
HIGH
Acrel Environmental Monitoring Cloud Platform unrestricted upload
CVSS 7.3
CVE-2026-4514
MEDIUM
PbootCMS Backend UserController.php access control
CVSS 6.3
CVE-2026-4505
MEDIUM
eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload
CVSS 6.3
CVE-2026-32768
CRITICAL
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
CVSS 9.9
CVE-2026-32938
CRITICAL
SiYuan <3.6.1 Desktop Publish Service - Arbitrary File Read
CVSS 9.9
CVE-2026-33062
HIGH
free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
CVSS 7.5
CVE-2026-32769
CRITICAL
Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace
CVSS 9.8
CVE-2026-32761
MEDIUM
File Browser <2.62.0 Public Shares - Download Authorization Bypass
CVSS 6.5
CVE-2026-32760
CRITICAL
File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
CVSS 9.8
CVE-2026-33393
MEDIUM
Discourse fixes loose hostname matching in spam host allowlist
CVSS 4.3
CVE-2026-32752
NONE
FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages
CVE-2026-32038
CRITICAL
OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter
CVSS 9.8
CVE-2026-32737
CRITICAL
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
CVSS 10.0
CVE-2026-32693
HIGH
Unauthorized access to Kubernetes secrets in Juju
CVSS 8.8
CVE-2026-32254
HIGH
kube-router <2.8.0 Proxy Module - ExternalIP Traffic Hijacking
CVSS 7.1
CVE-2026-21994
CRITICAL
Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit 0.3.0 - RCE
CVSS 9.8
CVE-2026-30707
HIGH
SpeedExam Online Examination System FEV2026 - Auth Bypass
CVSS 8.1
CVE-2026-4221
HIGH
Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload
CVSS 7.3
CVE-2026-4220
HIGH
Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload
CVSS 7.3