Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,299 vulnerabilities with CWE-284

CVE-2025-6266 MEDIUM

Teledyne FLIR AX8 <1.46 - Unrestricted Upload

CVE-2025-31698 HIGH

Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure

CVE-2025-49591 CRITICAL

CryptPad < 2025.3.0 - Two-Factor Authentication Bypass via URL-Encoded Path Parameter

CVE-2025-49154 HIGH

Trend Micro Apex One and Worry-Free Business Security - Local Privilege Escalation via Memory-Mapped File Overwrite

CVE-2025-6161 HIGH

Simple Food Ordering System 1.0 - Unrestricted File Upload via editproduct.php Photo Parameter

CVE-2025-27689 HIGH

Dell iDRAC Tools < 11.3.0.0 - Authenticated Privilege Escalation

CVE-2025-46889 MEDIUM

Adobe Experience Manager <6.5.22 - Privilege Escalation

CVE-2025-47962 HIGH

Windows Software Development Kit < 10.0.26100.4188 - Privilege Escalation

CVE-2025-33073 HIGH KEV

Windows SMB - Authenticated Privilege Escalation via Improper Access Control

CVE-2025-33056 HIGH

Microsoft Local Security Authority Server - DoS

CVE-2025-32722 MEDIUM

Windows Storage Port Driver - Information Disclosure via Improper Access Control

CVE-2025-32714 HIGH

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Privilege Escalation via Windows Installer

CVE-2025-43586 HIGH

Adobe Commerce <=2.4.8 Privilege Escalation via Improper Access Control

CVE-2025-27207 MEDIUM

Adobe Commerce <2.4.8 - Privilege Escalation

CVE-2025-27206 MEDIUM

Adobe Commerce <2.4.8 - Privilege Escalation

CVE-2025-5873 MEDIUM

eCharge Hardy Barth Salia PLCC <2.3.81 - Unrestricted Upload

CVE-2025-5840 HIGH

SourceCodester Client DBMS 1.0 - Unrestricted Upload

CVE-2025-5728 MEDIUM

Open Source Clinic Management System 1.0 - Unrestricted File Upload via website_image Parameter

CVE-2025-5382 MEDIUM

Devolutions Server < 2025.1.9.0 - Improper Access Control in MFA Feature

CVE-2025-3768 MEDIUM

Dovolations Server <2025.1.10.0 - Privilege Escalation

CVE-2025-0691 MEDIUM

Dovolations Server <2025.1.10.0 - Privilege Escalation

CVE-2025-5649 MEDIUM

Student Result Management System 1.0 - Unauthenticated Privileged User Creation via Register Interface

CVE-2025-20130 MEDIUM

Cisco Identity Services Engine < 3.1.0 - Authenticated Arbitrary File Upload via API

CVE-2025-48999 HIGH

DataEase < 2.10.10 - Improper Access Control via JDBC Statement Manipulation

CVE-2025-5436 MEDIUM

Multilaser Sirius RE016 MLT1.0 - Info Disclosure

Previous Page 68 of 212 Next

Details

Vulnerabilities 5,299

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy