Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,280 vulnerabilities with CWE-284

CVE-2025-53057 MEDIUM

Oracle Java SE 8u461, 11.0.28, 17.0.16, 21.0.8, 25; GraalVM - Unauthenticated Data Access

CVE-2025-53052 MEDIUM

Oracle Workflow 12.2.3-12.2.14 - Unauthenticated Improper Access Control in Workflow Notification Mailer

CVE-2025-53049 HIGH

Oracle Business Intelligence Enterprise Edition 7.6.0.0.0/8.2.0.0.0 - Authenticated RCE via Analytics Web Administration

CVE-2025-53041 MEDIUM

Oracle iStore 12.2.5-12.2.14 - Unauthenticated Improper Access Control in Shopping Cart

CVE-2025-53035 MEDIUM

Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9/8.0.8.7/8.1.2.5 - Unauthorized Data Access

CVE-2025-52079 HIGH

D-Link DIR-820L 1.06B02 - Unauthenticated Password Change via /get_set.ccp

CVE-2025-50075 MEDIUM

Oracle Financial Services Revenue Management <7.2.0.0.0 - Unauthori...

CVE-2025-60427 MEDIUM

LibreTime 3.0.0-alpha.10 - Info Disclosure

CVE-2025-62510 HIGH

FileRise < 1.5.0 - Improper Access Control via Folder Name Inference

CVE-2025-62509 HIGH

FileRise < 1.4.0 - Unauthorized File Operations via Insecure Folder Ownership Inference

CVE-2025-48025 MEDIUM

Samsung Exynos Firmware - Improper Access Control in Log File

CVE-2025-56219 HIGH

SigningHub < 8.6.8 - Unauthenticated User Account Creation and Denial of Service

CVE-2025-11908 MEDIUM

Streamax Crocus 1.3.40 - Unauthenticated Unrestricted File Upload via FileDir.do Upload Action

CVE-2025-57567 CRITICAL

PluXml CMS - Authenticated Remote Code Execution via Theme Editor File Overwrite

CVE-2025-11853 MEDIUM

Sismics Teedy < 1.11 - Improper Access Control in API Endpoint

CVE-2025-53092 MEDIUM

Strapi < 5.20.0 - CORS Misconfiguration via Origin Header Reflection

CVE-2025-61543 HIGH

CraftMyCMS 4.0.2.2 - Host Header Injection

CVE-2025-61541 HIGH

Webmin 2.510 - Host Header Injection

CVE-2025-9804 CRITICAL

WSO2 API Manager and Analytics - Improper Access Control in SOAP Admin Services and System REST APIs

CVE-2025-43313 MEDIUM

macOS < 13.7.7, < 14.7.7, < 15.6 - Unprotected User Data Exposure via Logic Issue

CVE-2025-59494 HIGH

Azure Monitor Agent < 1.38.1 - Authenticated Privilege Escalation

CVE-2025-59253 MEDIUM

Windows 10 1507-22H2, Windows 11 22H2-25H2, Windows Server 2012 - Authenticated Denial of Service in Search Component

CVE-2025-59230 HIGH KEV

Windows Remote Access Connection Manager - Privilege Escalation via Improper Access Control

CVE-2025-59201 HIGH

Windows 10/11, Server 2008 - Privilege Escalation via Network Connection Status Indicator

CVE-2025-59199 HIGH

Windows 10 1809-11 24H2 and Windows Server 2019-2025 - Privilege Escalation in Software Protection Platform

Previous Page 51 of 212 Next

Details

Vulnerabilities 5,280

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy