CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284
CVE-2026-6492 MEDIUM
arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
CVSS 5.3
CVE-2026-6489 MEDIUM
QueryMine sms Background Management addteacher.php unrestricted upload
CVSS 6.3
CVE-2026-37100 MEDIUM
Yamaha SR-B30A 2.40 - Auth Bypass
CVSS 6.5
CVE-2026-31843 CRITICAL
Goodoneuz Pay-uz <= 2.2.24 - Remote Code Execution
CVSS 9.8
CVE-2026-6313 LOW
Google Chrome <147.0.7727.101 - Info Disclosure
CVSS 3.1
CVE-2026-33212 LOW
Weblate: Improper access control for pending tasks in API
CVSS 3.1
CVE-2026-30994 HIGH
Slah <=1.5.0 - Info Disclosure
CVSS 7.5
CVE-2026-20203 MEDIUM
Improper Access Control in Data Model Acceleration in Splunk Enterprise
CVSS 4.3
CVE-2026-33103 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-32220 MEDIUM
UEFI Secure Boot Security Feature Bypass Vulnerability
CVSS 4.4
CVE-2026-32214 MEDIUM
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-27914 HIGH
Microsoft Management Console Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-26183 HIGH
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-22692 MEDIUM
October CMS: Twig Sandbox Bypass via Collection Methods
CVSS 4.9
CVE-2026-22566 HIGH
UniFi Play PowerAmp <1.0.38 - Info Disclosure
CVSS 7.5
CVE-2026-22564 CRITICAL
UniFi Play PowerAmp <1.0.38 - Auth Bypass
CVSS 9.8
CVE-2026-6201 MEDIUM
CodeAstro Online Job Portal Delete Job Posting job-delete.php access control
CVSS 5.4
CVE-2026-31282 CRITICAL
Totara LMS <=v19.1.5 - Incorrect Access Control
CVSS 9.8
CVE-2026-34860 MEDIUM
Huawei HarmonyOS <6.0.0 - Auth Bypass
CVSS 4.1
CVE-2026-40252 HIGH
Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT
CVSS 8.1
CVE-2026-23782 HIGH
BMC Control-M/MFT 9.0.20-9.0.22 - Info Disclosure
CVSS 7.5
CVE-2026-6000 MEDIUM
code-projects Online Library Management System SQL Database Backup File library.sql information disclosure
CVSS 4.3
CVE-2026-39942 HIGH
Directus has a Path Traversal and Broken Access Control in File Management API
CVSS 8.5
CVE-2026-5960 MEDIUM
code-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosure
CVSS 4.3
CVE-2026-5847 MEDIUM
code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure
CVSS 4.3