Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2025-70986 HIGH

RuoYi 4.8.2 - Unauthenticated Sensitive Data Exposure via selectDept Function

CVE-2025-70985 CRITICAL

RuoYi 4.8.2 - Unauthenticated Improper Access Control in Update Function

CVE-2025-70983 CRITICAL

SpringBlade 4.5.0 - Privilege Escalation via Incorrect Access Control in authRoutes

CVE-2025-69908 HIGH

Newgen OmniApp - Unauthenticated Information Disclosure via Client-Side JavaScript Resource

CVE-2025-69907 HIGH

Newgen OmniDocs - Unauthenticated Information Disclosure via GetListofCabinet API Endpoint

CVE-2025-69822 HIGH

Atomberg Erica Smart Fan Firmware V1.0.36 - Exposure of Sensitive Information via Crafted Deauth Frame

CVE-2025-65098 HIGH

typebot < 3.13.2 - Unauthenticated Credential Theft via Malicious Typebot Preview

CVE-2025-14083 LOW

Keycloak - Improper Access Control in Admin REST API

CVE-2025-14977 HIGH

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <4.2...

CVE-2025-31186 LOW

Xcode < 16.3 - Privacy Preferences Bypass via Permissions Issue

CVE-2025-24090 LOW

iPadOS < 18.3 - Improper Access Control

CVE-2025-64516 HIGH

GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ

CVE-2025-61973 HIGH

Epic Games Store - Privilege Escalation

CVE-2025-14338 HIGH

Polkit <0.69.0 - Privilege Escalation

CVE-2025-68949 MEDIUM

n8n 1.36.0-2.1.9 - IP Whitelist Bypass via Partial String Matching

CVE-2025-15503 HIGH

Sangfor O&M Security Management System <=3.0.8 - Unrestricted File Upload via common.jsp

CVE-2025-46299 MEDIUM

Safari < 26.2 - Information Disclosure via Memory Initialization Issue

CVE-2025-46297 MEDIUM

macOS Tahoe <26.2 - Info Disclosure

CVE-2025-15495 MEDIUM

BiggiDroid Simple PHP CMS 1.0 - Unrestricted File Upload via Image Parameter in /admin/editsite.php

CVE-2025-68716 HIGH

KAYSUS KS-WR3600 Firmware 1.0.5.9.1 - Unauthenticated Root Shell Access via SSH

CVE-2025-69221 MEDIUM

LibreChat 0.8.1-rc2 - Authenticated Improper Access Control via Agent Permissions Query

CVE-2025-69220 HIGH

LibreChat 0.8.1-rc2 - Authenticated Improper Access Control in File Upload and Search

CVE-2025-0980 MEDIUM

Nokia SR Linux < 23.10.6 and 24.10.2 - Unauthenticated JSON-RPC Access

CVE-2025-15448 MEDIUM

cld378632668 JavaMall <994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 - U...

CVE-2025-69284 MEDIUM

Plane < 1.2.0 - Unauthenticated Improper Access Control via Workspace Members API

Previous Page 39 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy