CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,085 vulnerabilities with CWE-284
CVE-2026-28682
MEDIUM
Gokapi < 2.2.3 - Authenticated Improper Access Control via Upload Status SSE
CVSS 6.4
CVE-2026-25877
MEDIUM
Chartbrew <4.8.1 - Privilege Escalation
CVSS 6.5
CVE-2026-29188
CRITICAL
File Browser <2.61.1 - Privilege Escalation
CVSS 9.1
CVE-2026-29077
HIGH
Frappe <15.98.0/14.100.0 - Privilege Escalation
CVSS 7.1
CVE-2026-28410
HIGH
graph_protocol_contracts < 3.0.0 - Incorrect Token Vesting Calculation
CVSS 8.1
CVE-2026-28790
HIGH
olivetin < 3000.11.0 - Unauthenticated Denial of Service via KillAction RPC
CVSS 7.5
CVE-2026-27723
MEDIUM
OpenProject <17.0.5/17.1.2 - Auth Bypass
CVSS 4.3
CVE-2026-26418
HIGH
TCS Cognix Recon Client 3.0 - Auth Bypass
CVSS 7.5
CVE-2026-26417
HIGH
TCS Cognix Recon Client 3.0 - Privilege Escalation
CVSS 8.1
CVE-2026-25702
HIGH
SUSE Linux Enterprise Server 12 SP5 - Auth Bypass
CVSS 7.3
CVE-2026-3543
HIGH
Google Chrome <145.0.7632.159 - Memory Corruption
CVSS 8.8
CVE-2026-3542
HIGH
Google Chrome <145.0.7632.159 - Memory Corruption
CVSS 8.8
CVE-2026-3541
HIGH
Google Chrome <145.0.7632.159 - Memory Corruption
CVSS 8.8
CVE-2026-20073
MEDIUM
Cisco Adaptive Security Appliance Software - Unauthenticated Access Control Bypass via Memory Exhaustion
CVSS 5.8
CVE-2026-20007
MEDIUM
Cisco Secure FTD Snort 2/3 - Auth Bypass
CVSS 5.8
CVE-2026-0012
MEDIUM
ExpandableNotificationRow - Info Disclosure
CVSS 6.2
CVE-2026-28415
MEDIUM
Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter
CVSS 4.3
CVE-2026-3268
MEDIUM
psi-probe PSI Probe <=5.3.0 - Auth Bypass
CVSS 5.4
CVE-2026-28276
HIGH
Initiative <0.32.2 - Info Disclosure
CVSS 7.5
CVE-2026-28230
MEDIUM
SteVe <=3.11.0 - Privilege Escalation
CVSS 6.3
CVE-2026-28215
CRITICAL
hoppscotch < 2026.2.0 - Unauthenticated Infrastructure Configuration Overwrite via Onboarding Endpoint
CVSS 9.1
CVE-2026-28218
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - SQL Injection
CVSS 5.4
CVE-2026-27449
HIGH
Umbraco Engage <16.2.1/17.1.1 - Auth Bypass
CVSS 7.5
CVE-2026-27152
LOW
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Improper Access Control via Chat::AddUsersToChannel
CVSS 3.8
CVE-2026-2356
MEDIUM
User Registration & Membership Plugin <5.1.2 - IDOR
CVSS 5.3