Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,280 vulnerabilities with CWE-284

CVE-2025-12268 MEDIUM

LearnHouse < 2025-09-21 - Unrestricted File Upload via Course Thumbnail Handler

CVE-2025-12223 MEDIUM

Bdtask Flight Booking Software < 3.1 - Unrestricted File Upload in Package Information Module

CVE-2025-12222 MEDIUM

Bdtask Flight Booking Software < 3.1 - Unrestricted File Upload via Deposit Handler

CVE-2025-12201 MEDIUM

ajayrandhawa user-management-php-mysql < 2023-03-16 - Unrestricted File Upload via Image Argument

CVE-2025-6680 MEDIUM

Tutor LMS < 3.8.3 - Authenticated Sensitive Information Exposure via Assignment Review

CVE-2025-59500 HIGH

Azure Notification Service - Privilege Escalation via Improper Access Control

CVE-2025-59273 HIGH

Azure Event Grid - Unauthenticated Privilege Escalation

CVE-2025-62713 HIGH

Kottster 3.2.0-3.3.1 - Unauthenticated Remote Code Execution in Development Mode

CVE-2025-62395 MEDIUM

moodle 4.1.0-4.1.20 - Improper Access Control in Cohort Search Web Service

CVE-2025-62393 MEDIUM

moodle 5.0.0-5.0.3 - Improper Access Control in Course Overview Output

CVE-2025-62290 HIGH

Oracle ZFS Storage Appliance Kit 8.8 - Remote Code Execution via Block Storage Component

CVE-2025-61881 MEDIUM

Oracle Java VM 19.3-19.28, 21.3-21.19, 23.4-23.9 - Unauthenticated Improper Access Control via Oracle Net

CVE-2025-61763 HIGH

Oracle Essbase 21.7.3.0.0 - Unauthorized Data Access and Modification via HTTP

CVE-2025-61762 MEDIUM

Oracle PeopleSoft Enterprise FIN Payables 9.2 - Improper Access Control

CVE-2025-61761 MEDIUM

Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2 - Improper Access Control in Work Order Management

CVE-2025-61760 HIGH

Oracle VM VirtualBox 7.1.12 and 7.2.2 - Authenticated Remote Code Execution

CVE-2025-61758 MEDIUM

Oracle PeopleSoft Enterprise FIN IT Asset Management 9.2 - Unauthorized Data Access via HTTP

CVE-2025-61749 LOW

Oracle Database Server 23.4-23.9 - Authenticated Unauthorized Data Manipulation in Unified Audit

CVE-2025-61748 LOW

Oracle GraalVM and Java SE - Unauthenticated Improper Access Control

CVE-2025-53071 MEDIUM

Oracle Applications Framework 12.2.3-12.2.14 - Authenticated Improper Access Control in Upload Attachments

CVE-2025-53064 MEDIUM

Oracle Applications Framework 12.2.3-12.2.14 - Authenticated Unauthorized Data Manipulation in Personalization

CVE-2025-53061 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Authenticated Improper Access Control in PIA Core Technology

CVE-2025-53060 MEDIUM

Oracle JD Edwards EnterpriseOne Tools 9.2.0.0-9.2.9.4 - Unauthenticated Improper Access Control via Web Runtime SEC

CVE-2025-53059 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Unauthorized Data Access via OpenSearch Dashboards

CVE-2025-53058 MEDIUM

Oracle Applications Manager 12.2.3-12.2.14 - Unauthenticated Improper Access Control via Application Logging Interfaces

Previous Page 50 of 212 Next

Details

Vulnerabilities 5,280

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy