Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,289 vulnerabilities with CWE-284

CVE-2025-29514 CRITICAL

D-Link DSL-7740C Firmware - Unauthenticated Configuration File Download via config.xgi

CVE-2025-9406 MEDIUM

xuhuisheng lemon <1.13.0 - Unrestricted Upload

CVE-2025-9400 MEDIUM

YiFang CMS <2.0.5 - Unrestricted Upload

CVE-2025-9398 MEDIUM

YiFang CMS <2.0.5 - Info Disclosure

CVE-2025-9397 MEDIUM

givanz Vvveb <1.0.7.2 - Unrestricted Upload

CVE-2025-9381 LOW

FNKvision Y215 CCTV Camera - Info Disclosure

CVE-2025-55630 HIGH

Reolink Smart 2k+ Plug-in Wi-fi Video Doorbell With Chime Firmware - Improper Access Control

CVE-2025-55626 MEDIUM

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime <3.0.0.46...

CVE-2025-55741 HIGH

UnoPim < 0.3.1 - Unauthenticated Improper Access Control via Mass-Delete Endpoint

CVE-2025-53763 CRITICAL

Azure Databricks - Privilege Escalation

CVE-2025-7051 HIGH

n-able n-central < 2025.2 - Authenticated Arbitrary Syslog Configuration Modification

CVE-2025-55371 MEDIUM

jshERP 3.5 - Unauthenticated Information Disclosure via PersonController getAllList Method

CVE-2025-55368 HIGH

jshERP 3.5 - Unauthenticated Arbitrary Supplier Status Modification via RoleController

CVE-2025-55367 MEDIUM

jshERP 3.5 - Unauthenticated Arbitrary Supplier Status Modification via SupplierController

CVE-2025-55366 MEDIUM

jshERP 3.5 - Improper Access Control in UserController

CVE-2025-9296 MEDIUM

Emlog Pro <2.5.18 - Unrestricted Upload

CVE-2025-27215 HIGH

UniFi Connect Display Cast <1.10.7 - Improper Access Control

CVE-2025-9240 MEDIUM

elunez eladmin <2.7 - Info Disclosure

CVE-2025-28041 HIGH

itranswarp < 2.19 - Unauthenticated Improper Access Control in doFilter Function

CVE-2025-20131 MEDIUM

Cisco Identity Services Engine Software < 3.1.0 p5 and < 3.2.0 - Authenticated Arbitrary File Upload via GUI

CVE-2025-9153 MEDIUM

Online Tour and Travel Management System 1.0 - Unrestricted File Upload via Travellers Photo Parameter

CVE-2025-51539 MEDIUM

ezged3 3.5.0-3.5.72.27183 - Unauthenticated Arbitrary File Read via Path Traversal

CVE-2025-50434 MEDIUM

Appian Enterprise Business Process Management <25.3 - Info Disclosure

CVE-2025-51529 MEDIUM

Cookies and Content Security Policy < 2.29 - Denial of Service via Unlimited Database Write Operations

CVE-2025-50897 MEDIUM

riscv-boom SonicBOOM 1.2 - Memory Corruption

Previous Page 60 of 212 Next

Details

Vulnerabilities 5,289

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy