Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2026-24304 CRITICAL

Azure Resource Manager - Privilege Escalation

CVE-2026-24306 CRITICAL

Azure Front Door - Privilege Escalation

CVE-2026-20912 CRITICAL

Gitea < 1.25.4 - Improper Access Control in Release Attachment Linking

CVE-2026-20904 MEDIUM

Gitea < 1.25.4 - Authenticated Improper Access Control in OpenID URI Visibility

CVE-2026-20897 CRITICAL

Gitea < 1.25.4 - Improper Access Control in Git LFS Lock Deletion

CVE-2026-20888 MEDIUM

Gitea < 1.25.4 - Improper Access Control via Scheduled Auto-Merge Cancellation

CVE-2026-20883 MEDIUM

Gitea < 1.25.4 - Improper Access Control in Stopwatch API

CVE-2026-20750 CRITICAL

Gitea < 1.25.4 - Improper Access Control in Organization Project Operations

CVE-2026-20736 HIGH

Gitea < 1.25.4 - Improper Access Control in Attachment Deletion

CVE-2026-0798 LOW

Gitea < 1.25.4 - Improper Access Control in Release Notification Emails

CVE-2026-24055 MEDIUM

langfuse < 3.147.0 - Unauthenticated Slack Integration Hijacking via ProjectId Spoofing

CVE-2026-24039 MEDIUM

Horilla 1.4.0 - Privilege Escalation

CVE-2026-24036 MEDIUM

Horilla 1.4.0-1.4.x - Unauthenticated Unpublished Job Posting Exposure via Recruitment Details Endpoint

CVE-2026-24035 MEDIUM

Horilla HRMS <1.5.0 - Privilege Escalation

CVE-2026-21984 HIGH

Oracle VM VirtualBox 7.1.14 and 7.2.4 - Authenticated Privilege Escalation in Core Component

CVE-2026-21982 HIGH

Oracle VM VirtualBox 7.1.14 and 7.2.4 - Unauthenticated Remote Code Execution

CVE-2026-21962 CRITICAL

Oracle HTTP Server & WebLogic Proxy Plug-in 12.2.1.4.0/14.1.1.0.0/14.1.2.0.0 - Unauthenticated Access Control

CVE-2026-21961 MEDIUM

Oracle PeopleSoft Enterprise HCM 9.2 - Unauthenticated Access Control in Company Dir / Org Chart Viewer

CVE-2026-21960 MEDIUM

Oracle Applications DBA 12.2.3-12.2.15 - Authenticated Unauthorized Data Access via Java Utils

CVE-2026-21959 MEDIUM

Oracle Workflow 12.2.3-12.2.15 - Authenticated Unauthorized Data Access via Workflow Loader

CVE-2026-21636 CRITICAL

Node.js 25.0.0-25.2.9 - Improper Access Control via Unix Domain Socket Connection Bypass

CVE-2026-1197 LOW

MineAdmin 1.x/2.x - Information Disclosure via /system/downloadById ID Parameter

CVE-2026-1196 LOW

MineAdmin 1.x/2.x - Information Disclosure via /system/getFileInfoById ID Parameter

CVE-2026-1194 MEDIUM

MineAdmin 1.x/2.x - Information Disclosure in Swagger Component

CVE-2026-23877 MEDIUM

Swing Music <2.1.4 - Path Traversal

Previous Page 35 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy