Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284

CVE-2026-22011 HIGH

Oracle Applications DBA 12.2.3-12.2.15 - Privilege Escalation

CVE-2026-22010 HIGH

Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9 - Info Disclosure

CVE-2026-21997 HIGH

Oracle Life Sciences Empirica Signal 9.2.1-9.2.3 - RCE

CVE-2026-40889 MEDIUM

Frappe HR has Improper Access Control on Files

CVE-2026-40888 MEDIUM

Frappe HR vulnerable to Improper Access Control

CVE-2026-40874 MEDIUM

mailcow: dockerized missing authorization on Forwarding Hosts delete action

CVE-2026-40867 HIGH

Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

CVE-2026-40866 HIGH

Horilla: Unauthorized Document Overwrite via File Upload Endpoint

CVE-2026-40865 HIGH

Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>

CVE-2026-40569 CRITICAL

FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

CVE-2026-30452 MEDIUM

Textpattern CMS 4.9.0 - Privilege Escalation

CVE-2026-40498 CRITICAL

FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

CVE-2026-31018 HIGH

Dolibarr ERP & CRM <=22.0.4 - Code Injection

CVE-2026-29644 MEDIUM

XiangShan - Memory Corruption

CVE-2026-39386 HIGH

Neko has Self-service Privilege Escalation for Authenticated Users

CVE-2026-35570 HIGH

OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal

CVE-2026-34082 MEDIUM

Dify has IDOR in deleting someone else's chat conversation

CVE-2026-33031 HIGH

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

CVE-2026-6650 MEDIUM

Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

CVE-2026-6602 HIGH

rickxy Hospital Management System his_admin_account.php unrestricted upload

CVE-2026-6596 HIGH

langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload

CVE-2026-6561 MEDIUM

EyouCMS Index.php edit_adminlogo unrestricted upload

CVE-2026-40474 HIGH

wger has Broken Access Control in the Global Gym Configuration Update Endpoint

CVE-2026-40304 MEDIUM

zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

CVE-2026-35402 LOW

mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

Previous Page 4 of 192 Next

Details

Vulnerabilities 4,788

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy