CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284
CVE-2026-10255 MEDIUM
SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control
CVSS 5.3
CVE-2026-10205 MEDIUM
Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload
CVSS 6.3
CVE-2026-10172 MEDIUM
Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload
CVSS 6.3
CVE-2026-10152 MEDIUM
TaleLin lin-cms-spring-boot book Endpoint BookController.java access control
CVSS 6.3
CVE-2026-45707 HIGH
n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
CVSS 8.1
CVE-2026-45043 CRITICAL
RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root
CVE-2026-49198 MEDIUM
Predator Connect W6x: MQTT Broker Access Control
CVSS 4.9
CVE-2026-46842 MEDIUM
Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Data Manipulation via HTTPS
CVSS 5.3
CVE-2026-46840 CRITICAL
Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Remote Code Execution via HTTPS
CVSS 10.0
CVE-2026-46839 CRITICAL
Oracle REST Data Services 24.2.0-26.1.0 - Authenticated Remote Code Execution
CVSS 9.9
CVE-2026-46828 HIGH
Oracle Payroll 12.2.3-12.2.15 - Authenticated Unauthorized Data Access and Modification via HTTP
CVSS 8.1
CVE-2026-46827 HIGH
Oracle Payroll 12.2.3-12.2.15 - Authenticated Remote Code Execution in Self Service Manager
CVSS 8.8
CVE-2026-46824 CRITICAL
Oracle Universal Work Queue 12.2.3-12.2.15 - Remote Code Execution via Work Provider
CVSS 9.9
CVE-2026-46822 CRITICAL
Oracle iAssets 12.2.3-12.2.15 - Authenticated Remote Code Execution via HTTP
CVSS 9.9
CVE-2026-46821 HIGH
Oracle Financials Common Modules 12.2.3-12.2.15 - Unauthorized Data Access via HTTP
CVSS 7.7
CVE-2026-46820 HIGH
Oracle Financials Common Modules 12.2.3-12.2.15 - Authenticated Unauthorized Data Access via HTTP
CVSS 8.5
CVE-2026-46819 CRITICAL
Oracle Internet Procurement Connector 12.2.3-12.2.15 - Unauthenticated Data Manipulation and Access via HTTP
CVSS 9.1
CVE-2026-46818 HIGH
Oracle Payments 12.2.3-12.2.15 - Unauthenticated Data Manipulation and Access via File Transmission
CVSS 7.4
CVE-2026-46775 CRITICAL
Oracle REST Data Services 24.2.0-26.1.0 - Authenticated Remote Code Execution via HTTPS
CVSS 9.9
CVE-2026-35277 HIGH
Oracle REST Data Services 24.2.0-26.1.0 - Authenticated Unauthorized Data Access and Modification via HTTPS
CVSS 8.1
CVE-2026-45296 HIGH
OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant binding
CVSS 7.7
CVE-2026-41160 MEDIUM
EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes
CVSS 4.3
CVE-2026-7862 HIGH
Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation
CVSS 8.6
CVE-2026-32995 HIGH
Rocket.Chat - Improper Access Control
CVSS 7.5
CVE-2026-9789 HIGH
NitroSense V3: Security Vulnerability Information