Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284

CVE-2026-11078 MEDIUM

Google Chrome - Improper Input Validation

CVE-2026-11026 MEDIUM

Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Malicious Extension

CVE-2026-11017 MEDIUM

Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Link Preview

CVE-2026-5228 HIGH

Improper Access Control in Kurt Software Studio's WriteUp Mobile App

CVE-2026-36180 MEDIUM

GNCC GP5 7.1.76 - File System Protection Bypass via Bind-Mount Attack

CVE-2026-35904 CRITICAL

T3 Technology CPE T625Pro 1.0.07 T6825G 1.0.03 T7281 1.0.03 - Unauthenticated Telnet Service Enablement via CGI Request

CVE-2026-10807 MEDIUM

mjperpinosa stumasy change_profile_image.php unrestricted upload

CVE-2026-10806 MEDIUM

mjperpinosa stumasy add_post.php unrestricted upload

CVE-2026-42074 CRITICAL

OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

CVE-2026-40715 HIGH

Dell ThinOS 10 < 2602_10.0765_T10 - Improper Access Control

CVE-2026-40713 MEDIUM

Dell ThinOS 10 < 2602_10.0765_T10 - Improper Access Control

CVE-2026-9590 MEDIUM

Devolutions Server < 2026.1.19 - Authenticated Permission Bypass in Asset Information Edit

CVE-2026-9522 MEDIUM

Devolutions Server < 2026.1.19 - Authenticated Improper Access Control in PAM Account Discovery

CVE-2026-45080 MEDIUM

Klaw: Improper Access Control Allows Disclosure of Password Hash

CVE-2026-7198 CRITICAL

CWE-284: Improper Access Control in web services in Progress Sitefinity

CVE-2026-3198 MEDIUM

Improper Access Control in mlflow/mlflow

CVE-2026-9614 HIGH

Ivanti Neurons for ITSM - Authenticated Privilege Escalation to Administrative Access

CVE-2026-45284 MEDIUM

Nextcloud user_oidc 1.3.6-8.3.9 - Improper Access Control for Deleted LDAP Users

CVE-2026-45282 MEDIUM

Nextcloud Server 32.0.0-32.0.8 & 33.0.0-33.0.2 - Improper Access Control via Link Share

CVE-2026-37235 HIGH

FlexRIC 2.0.0 - Unauthenticated xApp Impersonation via E42 Message xapp_id Spoofing

CVE-2026-10277 MEDIUM

j3k0 mcp-google-workspace - Incorrect Privilege Assignment in Gmail Tool saveToDisk Function

CVE-2026-45266 LOW

Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling

CVE-2026-45264 MEDIUM

Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

CVE-2026-45157 MEDIUM

Nextcloud: Valid share tokens allow to access tempory upload files of share owner

CVE-2026-45154 LOW

Nextcloud: Improper Access Control in Collectives

Previous Page 4 of 203 Next

Details

Vulnerabilities 5,075

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy