Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,283 vulnerabilities with CWE-284

CVE-2025-61777 CRITICAL

FlagForge 2.0.0-2.3.1 - Unauthenticated Improper Access Control in Badge Template Endpoints

CVE-2025-57247 CRITICAL

BATBToken <0.8.26+commit.8a97fa7 - Privilege Escalation

CVE-2025-11320 MEDIUM

zhuimengshaonian wisdom-education <1.0.4 - Unrestricted Upload

CVE-2025-11318 HIGH

Tipray Data Leakage Prevention System 1.0 - Unrestricted Upload

CVE-2025-11281 MEDIUM

Frappe LMS 2.35.0 - Info Disclosure

CVE-2025-59943 HIGH

phpMyFAQ < 4.0.13 - Improper Access Control via Duplicate Email Registration

CVE-2025-59951 CRITICAL

Termix < 1.6.0 - Unauthenticated Sensitive Information Exposure via /ssh/db/host/internal Endpoint

CVE-2025-58055 MEDIUM

Discourse < 3.5.1 - Authenticated Improper Access Control via AI Suggestion Endpoint Topic ID Manipulation

CVE-2025-20366 MEDIUM

Splunk <9.4.4, <9.3.6, <9.2.8 - Info Disclosure

CVE-2025-10847 HIGH

DX Unified Infrastructure Management < - Command Injection

CVE-2025-55797 MEDIUM

FormCMS < 0.5.5 - Unauthenticated Improper Access Control via Schema History Endpoint

CVE-2025-11163 MEDIUM

SmartCrawl SEO checker - Info Disclosure

CVE-2025-54875 CRITICAL

FreshRSS 1.16.0-1.26.3 - Unauthenticated Privilege Escalation via Hidden Admin Field

CVE-2025-57266 CRITICAL

ThriveX Blogging Framework <3.1.3 - Info Disclosure

CVE-2025-54591 HIGH

FreshRSS < 1.27.0 - Unauthenticated Information Disclosure via Tag/Feed Endpoints

CVE-2025-57197 MEDIUM

Payeer Android 2.5.0 - Privilege Escalation

CVE-2025-55795 LOW

openml/openml.org v2.0.20241110 - Open Redirect

CVE-2025-36351 MEDIUM

IBM License Metric Tool 9.2.0-9.2.40 - Authenticated Access Control Bypass in REST API

CVE-2025-57428 MEDIUM

Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.201...

CVE-2025-11136 MEDIUM

YiFang CMS <2.0.2 - Unrestricted Upload

CVE-2025-11103 MEDIUM

Projectworlds Online Tours and Travels 1.0 - Unrestricted Upload

CVE-2025-11078 MEDIUM

itsourcecode Open Source Job Portal 1.0 - Unrestricted Upload

CVE-2025-59932 HIGH

flagforge 2.0.0-2.3.0 - Unauthenticated Improper Access Control in /api/resources Endpoint

CVE-2025-11028 MEDIUM

givanz Vvveb <1.0.7.2 - Info Disclosure

CVE-2025-11026 LOW

givanz Vvveb <1.0.7.2 - Info Disclosure

Previous Page 54 of 212 Next

Details

Vulnerabilities 5,283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy