Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,270 vulnerabilities with CWE-284

CVE-2025-13544 MEDIUM

ashraf-kabir travel-agency < 2025-07-05 - Unrestricted File Upload via /customer_register.php

CVE-2025-31216 LOW

iPadOS < 17.7.7 and < 18.5 - Physical Access Managed Wi-Fi Profile Bypass

CVE-2025-64483 MEDIUM

wazuh-dashboard-plugins 4.9.0-4.12.9 - Credential Exposure via /utils/configuration

CVE-2025-64660 HIGH

Visual Studio Code < 1.106.2 - Authenticated Remote Code Execution

CVE-2025-48986 HIGH

Revive Adserver <6.0.1 - Auth Bypass

CVE-2025-60799 MEDIUM

phpPgAdmin <7.13.0 - Code Injection

CVE-2025-13443 MEDIUM

macrozheng mall < 1.0.3 - Incorrect Privilege Assignment via /member/readHistory/delete ids Parameter

CVE-2025-13423 MEDIUM

Campcodes Retro Basketball Shoes Online Store 1.0 - Unrestricted File Upload via product_image Argument

CVE-2025-13411 MEDIUM

Campcodes Retro Basketball Shoes Online Store 1.0 - Unrestricted File Upload via product_image Argument

CVE-2025-63214 MEDIUM

bridgetech VBC Server & Element Manager 6.5.0-9, 6.5.0-10 - Unauthenticated Arbitrary Account Creation and Deletion

CVE-2025-63223 CRITICAL

Axel Technology StreamerMAX MK II <1.0.3 - Auth Bypass

CVE-2025-63221 CRITICAL

Axel Technology puma <1.0.3 - Auth Bypass

CVE-2025-63219 HIGH

ITEL ISO FM SFN Adapter - Session Hijacking

CVE-2025-63218 CRITICAL

Axel Technology WOLF1MS and WOLF2MS <=1.0.3 - Unauthenticated Admin Access

CVE-2025-63225 CRITICAL

Eurolab ELTS100_UBX - Privilege Escalation

CVE-2025-56499 MEDIUM

mihomo 1.19.11 - Authenticated Arbitrary File Read via External Control Key

CVE-2025-37155 HIGH

ArubaOS-CX 10.10.0000-10.10.1169 - Authenticated Privilege Escalation via SSH Restricted Shell

CVE-2025-53360 MEDIUM

pluginsGLPI's Database Inventory Plugin <1.0.3 - Privilege Escalation

CVE-2025-41737 HIGH

metz-connect ewio2-m_firmware < 2.2.0 - Unauthenticated Source Code Disclosure via PHP Module

CVE-2025-13275 MEDIUM

Iqbolshoh php-business-website <10677743a8dfc281f85291a27cf63a0bce0...

CVE-2025-13250 MEDIUM

datax-web < 2.1.2 - Unauthenticated Improper Access Control in Job Handler

CVE-2025-13249 MEDIUM

Jiusi OA <20251102 - Unrestricted Upload

CVE-2025-13238 MEDIUM

Bdtask Flight Booking Software 4 - Unrestricted File Upload in Edit Profile Page

CVE-2025-13198 MEDIUM

DouPHP <1.8 Release 20251022 - Unrestricted Upload

CVE-2025-12182 MEDIUM

Qi Blocks <1.4.3 - Privilege Escalation

Previous Page 45 of 211 Next

Details

Vulnerabilities 5,270

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy