Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2025-20223 MEDIUM

Cisco Catalyst Center - Info Disclosure

CVE-2025-20190 MEDIUM

Cisco IOS XE Wireless Controller Software - Privilege Escalation

CVE-2025-20137 MEDIUM

Cisco Catalyst 1000/2960L - Auth Bypass

CVE-2025-29448 HIGH

Easy!Appointments 1.5.1 - Unauthenticated Denial of Service via Excessive Booking Duration

CVE-2025-46816 CRITICAL

goshs 0.3.4-1.0.4 - Unauthenticated Remote Code Execution via WebSocket Command Injection

CVE-2025-21470 HIGH

Qualcomm AQT1000 Firmware - Memory Corruption via Image Encoding IOCTL Parameter

CVE-2025-21469 HIGH

Qualcomm FastConnect and Snapdragon Firmware - Memory Corruption via IOCTL Call with Zero-Length Buffer

CVE-2025-4333 MEDIUM

feng_ha_ha/megagao ssm-erp & production_ssm <0.0.1 - Unrestricted U...

CVE-2025-46589 MEDIUM

HarmonyOS - Unauthorized Access in App Lock Module

CVE-2025-46588 MEDIUM

HarmonyOS - Unauthorized Access in App Lock Module

CVE-2025-4310 MEDIUM

itsourcecode Content Management System 1.0 - Unrestricted File Upload via Cover Image Argument

CVE-2025-4305 MEDIUM

Kefaming mayi <1.3.9 - Unrestricted Upload

CVE-2025-4291 MEDIUM

ideacms < 1.6 - Unrestricted File Upload via saveUpload Function

CVE-2025-45618 MEDIUM

jeeweb-mybatis-springboot v0.0.1.RELEASE - Improper Access Control in /admin/sys/datasource/ajaxList

CVE-2025-45617 HIGH

production_ssm v0.0.1-SNAPSHOT - Improper Access Control in /user/list

CVE-2025-45616 CRITICAL

baidu brcc < 1.2.0 - Unauthenticated Privilege Escalation via Admin API

CVE-2025-45615 CRITICAL

yaoqishan v0.0.1-SNAPSHOT - Incorrect Access Control in Admin API

CVE-2025-45614 HIGH

One v1.0 - Improper Access Control in /api/user/manager

CVE-2025-45613 HIGH

shiro-action < 0.6 - Improper Access Control in /user/list Endpoint

CVE-2025-45612 CRITICAL

xmall < 1.1 - Unauthenticated Authentication Bypass via /index GET Request

CVE-2025-45611 CRITICAL

hope-boot 1.0.0 - Unauthenticated Authentication Bypass via /user/edit/ GET Request

CVE-2025-45610 HIGH

passjava < 3.0.0 - Improper Access Control in /scheduleLog/info/1 Endpoint

CVE-2025-45609 HIGH

ke/kob 1.0.0-SNAPSHOT - Improper Access Control in doFilter Function

CVE-2025-45608 HIGH

Xinguan < 0.0.1-snapshot - Improper Access Control in User List API

CVE-2025-4051 MEDIUM

Google Chrome < 136.0.7103.59 - Discretionary Access Control Bypass via DevTools

Previous Page 72 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy