Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2025-66911 MEDIUM

Turms IM Server <= 0.10.0-SNAPSHOT - Authenticated Improper Access Control in User Online Status Query

CVE-2025-64400 MEDIUM

Control Panel - Privilege Escalation

CVE-2025-63387 HIGH

Dify 1.9.1 - Unauthenticated Sensitive Data Exposure via System Features Endpoint

CVE-2025-14885 MEDIUM

SourceCodester Client Database Management System 1.0 - Unrestricted File Upload in Leads Generation Module

CVE-2025-67789 MEDIUM

DriveLock 24.1-24.1.5, 24.2-24.2.6, 25.1-25.1.4 - Authenticated Information Disclosure via API

CVE-2025-46292 MEDIUM

iPadOS < 18.7.3 - Unprotected User Data Exposure via Entitlement Bypass

CVE-2025-46288 MEDIUM

iPadOS < 26.2 - Unauthorized Access to Sensitive Payment Tokens

CVE-2025-46282 MEDIUM

macOS Tahoe <26.2 - Info Disclosure

CVE-2025-66397 HIGH

ChurchCRM <6.5.3 - Privilege Escalation

CVE-2025-14095 MEDIUM

Radiometer Products - Privilege Escalation

CVE-2025-11901 HIGH

ASUS Motherboards - Uncontrolled Resource Consumption

CVE-2025-14749 MEDIUM

Ningyuanda TC155 57.0.2.0 - Unauthenticated Incorrect Privilege Assignment in ONVIF PTZ Control Interface

CVE-2025-14748 MEDIUM

Ningyuanda TC155 57.0.2.0 - Unauthenticated Hard Reset via ONVIF Device Management Service

CVE-2025-67715 MEDIUM

Weblate < 5.15 - Unauthenticated User Information Disclosure via API

CVE-2025-55895 CRITICAL

TOTOLINK A3300R <17.0.0cu.557 - Remote RCE

CVE-2025-65176 HIGH

Dynatrace OneAgent < 1.325.47 - Unauthenticated NTLM Relay Attack via Network Share Access

CVE-2025-65780 HIGH

Wekan <18.15 - Privilege Escalation

CVE-2025-65779 HIGH

Wekan < 8.16 - Unauthenticated Board Reordering via Sort Value Manipulation

CVE-2025-14660 MEDIUM

DecoCMS Mesh <1.0.0-alpha.31 - Improper Access Control

CVE-2025-14642 MEDIUM

Computer Laboratory System 1.0 - Unrestricted Upload

CVE-2025-14641 MEDIUM

Computer Laboratory System 1.0 - Unrestricted Upload

CVE-2025-14583 HIGH

campcodes Online Student Enrollment System 1.0 - Unrestricted Upload

CVE-2025-14582 MEDIUM

campcodes Online Student Enrollment System 1.0 - Unrestricted Upload

CVE-2025-43518 LOW

Apple watchOS <26.2 - Info Disclosure

CVE-2025-43513 MEDIUM

macOS <26.2-15.7.3-14.8.3 - Info Disclosure

Previous Page 41 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy