Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284

CVE-2026-9352 MEDIUM

NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure

CVE-2026-9349 MEDIUM

calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

CVE-2026-39968 HIGH

TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

CVE-2026-9223 MEDIUM

Devolutions Server < 2026.1.16.0 - Improper Access Control

CVE-2026-5171 MEDIUM

Devolutions Server - Improper Access Control

CVE-2026-34908 CRITICAL

Ubiquiti INC UniFi OS Server - Improper Access Control

CVE-2026-8240 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate

CVE-2026-41999 MEDIUM

PowerDNS Authoritative 5.0.0-5.0.4 - Improper Access Control via TCP PROXY Requests

CVE-2026-2734 MEDIUM

Authorization Bypass in SearchModelVersions in mlflow/mlflow

CVE-2026-39310 HIGH

Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

CVE-2026-44926 HIGH

InfoScale CmdServer < 7.4.2 - Access Control Mishandling

CVE-2026-0856 HIGH

Mesalvo Meona Client Launcher <= 19.06.2020 & Server <= 2025.04 - Improper Access Control

CVE-2026-34754 MEDIUM

MantisBT allows unauthorized users to upload attachments to restricted issues via REST API

CVE-2026-34390 MEDIUM

MantisBT: Privilege Escalation from Manager to Administrator

CVE-2026-34358 HIGH

CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CVE-2026-34234 CRITICAL

CtrlPanel: Unauthenticated RCE using installer script

CVE-2026-39250 HIGH

Innoshop 0.6.0 - Authenticated Authorization Bypass

CVE-2026-34233 MEDIUM

CtrlPanel has Missing Authentication Checks in Datatable Admin Endpoints

CVE-2026-37979 MEDIUM

Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass

CVE-2026-31388 MEDIUM

Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

CVE-2026-32994 MEDIUM

Rocket.Chat <8.5.0 Authenticated Improper Access Control via Autotranslate

CVE-2026-8766 MEDIUM

Kilo-Org kilocode Environment Variable config.ts load information disclosure

CVE-2026-8758 HIGH

Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

CVE-2026-8752 MEDIUM

h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

CVE-2026-8750 MEDIUM

h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure

Previous Page 7 of 203 Next

Details

Vulnerabilities 5,075

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy