Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,283 vulnerabilities with CWE-284

CVE-2025-48707 HIGH

Stormshield Network Security <5.0.1 - Info Disclosure

CVE-2025-10952 MEDIUM

geyang ml-logger < acf255b - Sensitive Information Exposure via stream_handler

CVE-2025-59422 LOW

Dify 1.8.1 - Improper Access Control via Chat Messages Endpoint

CVE-2025-10957 HIGH

Syrotech SY-GPON-2010-WADONT - Info Disclosure

CVE-2025-56241 HIGH

Aztech DSL5005EN - Privilege Escalation

CVE-2025-48869 HIGH

Horilla 1.3.0 - Unauthenticated Sensitive Information Exposure via Resume File URL

CVE-2025-20316 MEDIUM

Cisco IOS XE Software 17.7.1-17.9.6a - Unauthenticated Access Control Bypass via SVI Egress ACL

CVE-2025-20339 MEDIUM

Cisco SD-WAN vEdge Software - Auth Bypass

CVE-2025-7106 MEDIUM

librechat < 0.7.9 - Improper Access Control in checkAccess Function

CVE-2025-59434 CRITICAL

Flowise <August 2025 - Cross-Tenant Data Exposure

CVE-2025-57438 MEDIUM

2wcom IP-4c 2.15.5 - Broken Access Control via Request Manipulation

CVE-2025-5962 HIGH

Red Hat Enterprise Linux 10 - Unauthenticated Improper Access Control in Lightspeed History Service

CVE-2025-10763 MEDIUM

Academico-sis <d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab - Unrestric...

CVE-2025-10755 MEDIUM

Selleo Mentingo 2025.08.27 - Unrestricted Upload

CVE-2025-10741 MEDIUM

Selleo Mentingo <2025.08.27 - Unrestricted Upload

CVE-2025-10669 MEDIUM

Airsonic-Advanced <10.6.0 - Unrestricted Upload

CVE-2025-23329 HIGH

NVIDIA Triton Inference Server < 25.08 - Denial of Service via Python Backend Shared Memory Access

CVE-2025-10616 MEDIUM

itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/users.php

CVE-2025-10615 MEDIUM

itsourcecode E-Commerce Website 1.0 - Unrestricted File Upload in /admin/products.php

CVE-2025-10608 MEDIUM

Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in Enrollment History Endpoint

CVE-2025-10607 MEDIUM

Portabilis i-educar < 2.10.0 - Exposure of Sensitive Information via /module/Avaliacao/diarioApi

CVE-2025-10600 HIGH

SourceCodester Online Exam Form Submission 1.0 - Unrestricted File Upload via register.php img Argument

CVE-2025-37131 MEDIUM

EdgeConnect SD-WAN ECOS - Privilege Escalation

CVE-2025-37125 HIGH

HPE Aruba Networking EdgeConnect OS - Auth Bypass

CVE-2025-54391 CRITICAL

Zimbra Collaboration - Authenticated Two-Factor Authentication Bypass via EnableTwoFactorAuthRequest SOAP Endpoint

Previous Page 55 of 212 Next

Details

Vulnerabilities 5,283

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy