Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284

CVE-2026-35616 CRITICAL KEV

Fortinet FortiClientEMS 7.4.5-7.4.6 - Command Injection

CVE-2026-5484 MEDIUM

BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control

CVE-2026-5472 MEDIUM

ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

CVE-2026-5413 LOW

Newgen OmniDocs GetWebApiConfiguration information disclosure

CVE-2026-33951 HIGH

signalk-server: Unauthenticated Source Priorities Manipulation

CVE-2026-2699 CRITICAL

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

CVE-2026-5330 MEDIUM

SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

CVE-2026-34572 HIGH

CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

CVE-2026-34570 HIGH

CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

CVE-2026-5312 MEDIUM

D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

CVE-2026-5311 MEDIUM

D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

CVE-2026-34456 CRITICAL

Reviactyl: OAuth account takeover via auto-linking

CVE-2026-23899 HIGH

Joomla! Core - [20260306] - Improper access check in webservice endpoints

CVE-2026-21629 HIGH

Joomla! Core - [20260301] - ACL hardening in com_ajax

CVE-2026-1879 MEDIUM

Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

CVE-2026-5261 HIGH

Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload

CVE-2026-4947 HIGH

Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

CVE-2026-5215 MEDIUM

D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

CVE-2026-34733 MEDIUM

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

CVE-2026-34381 HIGH

Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

CVE-2026-33415 LOW

Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

CVE-2026-5181 MEDIUM

SourceCodester Simple Doctors Appointment System ajax.php unrestricted upload

CVE-2026-21711 MEDIUM

Node.js 25.x - Privilege Escalation

CVE-2026-29872 HIGH

awesome-llm-apps e46690f - Info Disclosure

CVE-2026-5124 LOW

osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

Previous Page 7 of 192 Next

Details

Vulnerabilities 4,788

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy