Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2026-1170 MEDIUM

birkir prime < 0.4.0 - Information Disclosure via GraphQL API

CVE-2026-23522 LOW

LobeChat <2.0.0-next.193 - Privilege Escalation

CVE-2026-1181 CRITICAL

Altium 365 - Improper Access Control via Overly Permissive CORS Policy

CVE-2026-1152 MEDIUM

technical-laohu mpay < 1.2.4 - Unrestricted File Upload via QR Code Image Handler

CVE-2026-1126 MEDIUM

LWJ Flow - Unrestricted File Upload in SVG File Handler

CVE-2026-1107 MEDIUM

EyouCMS <1.7.1/5.0 - Unrestricted Upload

CVE-2026-1061 MEDIUM

xiweicheng TMS <2.28.0 - Unrestricted Upload

CVE-2026-1009 CRITICAL

Altium Live - Authenticated Stored Cross-Site Scripting in Forum Post Content

CVE-2026-23496 MEDIUM

Pimcore Web2Print Tools Bundle <6.1.1 - Privilege Escalation

CVE-2026-23495 MEDIUM

Pimcore <2.2.3-1.7.16 - Info Disclosure

CVE-2026-23494 MEDIUM

Pimcore <12.3.1-11.5.14 - Info Disclosure

CVE-2026-22909 HIGH

SICK TDC-X401GL Firmware - Unauthenticated Improper Access Control

CVE-2026-21889 HIGH

Weblate < 5.15.2 - Unauthenticated Screenshot Access via Direct HTTP Request

CVE-2026-20949 HIGH

Microsoft Office Excel - Info Disclosure

CVE-2026-20929 HIGH

Windows HTTP.sys - Privilege Escalation

CVE-2026-20843 HIGH

Windows RRAS - Privilege Escalation

CVE-2026-20839 MEDIUM

Windows Client-Side Caching - Info Disclosure

CVE-2026-20825 MEDIUM

Windows 10 1809 and Windows Server 2019 < 10.0.17763.8276 - Authenticated Information Disclosure

CVE-2026-0386 HIGH

Windows Server 2008-2025 - Unauthenticated Remote Code Execution via Deployment Services

CVE-2026-0881 CRITICAL

Firefox and Thunderbird < 147.0 - Sandbox Escape via Messaging System Component

CVE-2026-22033 MEDIUM

Label Studio < 1.22.0 - Stored Cross-Site Scripting via Custom Hotkeys

CVE-2026-22605 MEDIUM

OpenProject < 16.6.3 - Improper Access Control via Meeting Details

CVE-2026-22043 CRITICAL

RustFS 1.0.0-alpha.13-1.0.0-alpha.78 - Privilege Escalation via Flawed IAM deny_only Short-Circuit

CVE-2026-21694 MEDIUM

Titra < 0.99.50 - Improper Access Control

CVE-2026-0643 HIGH

projectworlds House Rental and Property Listing 1.0 - Unrestricted File Upload via Signup Image Parameter

Previous Page 36 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy