Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,299 vulnerabilities with CWE-284

CVE-2025-5162 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Unrestricted File Upload via logGeneralFile Parameter

CVE-2025-5131 MEDIUM

Tmall Demo < 2025-05-05 - Unrestricted File Upload via uploadCategoryImage Function

CVE-2025-5130 MEDIUM

tmall_demo < 2025-05-05 - Unrestricted File Upload via uploadProductImage Function

CVE-2025-24917 HIGH

Tenable Network Monitor <6.5.1 - Privilege Escalation

CVE-2025-24916 HIGH

Tenable Network Monitor <6.5.1 - Privilege Escalation

CVE-2025-3580 MEDIUM

Grafana 10.4.18-12.0.1 - Authenticated Server Administrator Account Deletion

CVE-2025-5108 MEDIUM

ShopXO 6.5.0 - Unrestricted File Upload via Payment Controller ZIP Handler

CVE-2025-5059 MEDIUM

Campcodes Online Shopping Portal 1.0 - Unrestricted Upload

CVE-2025-20242 MEDIUM

Cisco Unified Contact Center Enterprise (CCE) - Info Disclosure

CVE-2025-22157 HIGH

Jira Core/JSM DC/Server <10.6 - Privilege Escalation

CVE-2025-4980 MEDIUM

Netgear DGND3700 1.1.00.15_1.00.15NA - Information Disclosure via currentsetting.htm

CVE-2025-4977 MEDIUM

Netgear DGND3700 1.1.00.15_1.00.15NA - Information Disclosure in BRS_top.html

CVE-2025-28371 MEDIUM

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 - Incorrect Access Control via Password Change Function

CVE-2025-4926 MEDIUM

PHPGurukul Car Rental Project 1.0 - Unrestricted File Upload via img1/img2/img3/img4/img5 Parameters

CVE-2025-4923 HIGH

SourceCodester Client Database Management System 1.0 - Unrestricted File Upload via uploaded_file_cancelled Argument

CVE-2025-23164 MEDIUM

Unifi Protect <5.3.41 - Info Disclosure

CVE-2025-4904 MEDIUM

D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure in /H5/webgl.data

CVE-2025-4902 MEDIUM

D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via versionupdate.data

CVE-2025-4901 MEDIUM

D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via state_view.data Endpoint

CVE-2025-47794 LOW

Nextcloud Server 26.0.0-26.0.13.13, 29.0.0-29.0.13 - Unauthenticated Temporary File Access and Symlink Attack

CVE-2025-47792 MEDIUM

Nextcloud Desktop < 3.15.0 - Unauthenticated Improper Access Control via Socket API

CVE-2025-2306 MEDIUM

SYNCPILOT LIVE CONTRACT 3-5.4.11, 5.5-5.5.3, 5.6-5.6.2 - Unauthenticated Sensitive Document Download via UUIDv4

CVE-2025-4768 MEDIUM

feng_ha_ha/megagao ssm-erp & production_ssm 1.0 - Unrestricted Upload

CVE-2025-4753 MEDIUM

D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via /login.data

CVE-2025-4752 MEDIUM

D-Link DI-7003GV2 24.04.18D1 R(68125) - Information Disclosure via /install_base.data

Previous Page 70 of 212 Next

Details

Vulnerabilities 5,299

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy