CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284
CVE-2026-5881 MEDIUM
Google Chrome <147.0.7727.55 - Policy Bypass
CVSS 6.5
CVE-2026-34723 HIGH
Zammad has incorrect access control in getting_started_controller
CVSS 7.5
CVE-2026-34248 MEDIUM
Zammad has an information disclosure in ticket detail view of customers in shared organizations
CVSS 5.7
CVE-2026-35533 HIGH
mise has a local settings bypass config trust checks
CVSS 7.7
CVE-2026-34045 HIGH
Podman Desktop WebView Server Exposed
CVSS 8.2
CVE-2026-39364 HIGH
Vite has a `server.fs.deny` bypass with queries
CVSS 7.5
CVE-2026-39346 MEDIUM
OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding
CVSS 5.4
CVE-2026-39339 CRITICAL
ChurchCRM has an API Authentication Bypass
CVSS 9.1
CVE-2026-31272 CRITICAL
MRCMS 3.1.2 - Privilege Escalation
CVSS 9.8
CVE-2026-1079 MEDIUM
A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.
CVE-2026-1078 HIGH
Pega Robot Studio 22.1 and R25 - Arbitrary File Write
CVE-2026-1114 CRITICAL
Improper Access Control via Weak JWT Token in parisneo/lollms
CVSS 9.8
CVE-2026-35185 HIGH
HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses
CVSS 7.5
CVE-2026-35172 HIGH
Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation
CVSS 7.5
CVE-2026-5670 MEDIUM
Cyber-III Student-Management-System upload.php move_uploaded_file unrestricted upload
CVSS 6.3
CVE-2026-34444 HIGH
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
CVE-2026-31150 MEDIUM
Kaleris YMS 7.2.2.1 - Incorrect Access Control
CVSS 4.3
CVE-2026-5601 MEDIUM
Acrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosure
CVSS 5.3
CVE-2026-5585 MEDIUM
Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
CVSS 5.3
CVE-2026-5576 MEDIUM
SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload
CVSS 4.7
CVE-2026-5573 HIGH
Technostrobe HI-LED-WR120-G2 fs unrestricted upload
CVSS 7.3
CVE-2026-5571 MEDIUM
Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure
CVSS 5.3
CVE-2026-5569 HIGH
Technostrobe HI-LED-WR120-G2 Endpoint access control
CVSS 7.3
CVE-2026-5546 MEDIUM
Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
CVSS 6.3
CVE-2026-5526 HIGH
Tenda 4G03 Pro httpd access control
CVSS 7.3