Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2025-57489 HIGH

SuperDuper! - Privilege Escalation via SDAgent setuid Binary

CVE-2025-63525 CRITICAL

Blood Bank Management System 1.0 - Privilege Escalation

CVE-2025-13815 MEDIUM

mogublog < 5.2 - Unrestricted File Upload via /file/pictures filedatas Parameter

CVE-2025-13804 MEDIUM

NutzBoot < 2.6.0-SNAPSHOT - Exposure of Sensitive Information in Ethereum Wallet Handler

CVE-2025-13785 MEDIUM

yungifez Skuul < 2.6.5 - Exposure of Sensitive Information via Image Handler

CVE-2025-66223 HIGH

OpenObserve <0.16.0 - Privilege Escalation

CVE-2025-66027 MEDIUM

rallly < 4.5.6 - Unauthenticated Information Disclosure via API Endpoint

CVE-2025-64715 MEDIUM

Cilium < 1.16.17, 1.17.0-1.17.9, 1.18.0-1.18.3 - Improper Access Control via Invalid AWS Security Group IDs

CVE-2025-65276 CRITICAL

HashTech < 2021-07-02 - Unauthenticated Administrative Access via Missing Authentication Check

CVE-2025-66028 HIGH

OneUptime <8.0.5567 - Privilege Escalation

CVE-2025-55471 HIGH

youlai-boot <2.21.1 - Info Disclosure

CVE-2025-55469 CRITICAL

youlai-boot <2.21.1 - Privilege Escalation

CVE-2025-65239 MEDIUM

OpenCode Systems USSD Gateway OC Release:5 6.13.11 - Improper Access Control in /aux1/ocussd/trace Endpoint

CVE-2025-65238 MEDIUM

OpenCode Systems USSD Gateway OC Release 5 Version 6.13.11 - Improper Access Control in getSubUsersByProvider

CVE-2025-46175 HIGH

Ruoyi v4.8.0 - Improper Access Control in SysUserController authRole Method

CVE-2025-56396 HIGH

Ruoyi 4.8.1 - Privilege Escalation via Department Ownership

CVE-2025-46174 HIGH

Ruoyi v4.8.0 - Improper Access Control in SysUserController resetPwd Method

CVE-2025-65963 MEDIUM

Files <0.16.11 & <0.17.2 - Info Disclosure

CVE-2025-64064 HIGH

Primakon Pi Portal 1.0.18 - Privilege Escalation via PP_SECURITY_PROFILE_ID PATCH Request

CVE-2025-64066 HIGH

Primakon Pi Portal 1.0.18 - Unauthenticated User Registration via REST /api/v2/user/register Endpoint

CVE-2025-54563 HIGH

Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Remote Information Disclosure via Incorrect Access Control

CVE-2025-54338 HIGH

Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Unauthenticated User Hash Disclosure

CVE-2025-63958 CRITICAL

MILLENSYS Vision Tools Workspace 6.5.0.2585 - Info Disclosure

CVE-2025-13574 MEDIUM

Online Bidding System 1.0 - Unrestricted File Upload via catimage Parameter in categoryadd Function

CVE-2025-13573 MEDIUM

projectworlds advanced_library_management_system 1.0 - Unrestricted File Upload via /add_book.php Image Parameter

Previous Page 44 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy