Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2025-30707 HIGH

Oracle iStore 12.2.3-12.2.14 - Unauthenticated Unauthorized Data Access via User Management

CVE-2025-30700 LOW

Oracle Solaris 11 - Unauthorized Data Access via Pluggable Authentication Module

CVE-2025-30699 MEDIUM

MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Stored Procedure

CVE-2025-30698 MEDIUM

Oracle Java SE 8u441, 11.0.26, 17.0.14, 21.0.6, 24; GraalVM - Unauthenticated Improper Access Control in 2D

CVE-2025-30697 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Authenticated Improper Access Control in Panel Processor

CVE-2025-30696 MEDIUM

MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service via Multiple Protocols

CVE-2025-30695 MEDIUM

MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - DoS and Data Manipulation in InnoDB

CVE-2025-30694 MEDIUM

Oracle XML Database 19.3-19.26, 21.3-21.17, 23.4-23.7 - Authenticated Improper Access Control via HTTP

CVE-2025-30693 MEDIUM

Oracle MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - DoS and Data Manipulation in InnoDB

CVE-2025-30692 MEDIUM

Oracle iSupplier Portal 12.2.7-12.2.14 - Unauthorized Data Access via Attachments Component

CVE-2025-30691 MEDIUM

Oracle GraalVM for JDK 21.0.6 and 24 - Unauthenticated Improper Access Control via Compiler APIs

CVE-2025-30690 HIGH

Oracle Solaris 11 - Authenticated Privilege Escalation in Filesystem

CVE-2025-30689 MEDIUM

MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Server Optimizer

CVE-2025-21588 MEDIUM

MySQL Server 8.4.0-8.4.4 and 9.0.0-9.2.0 - Authenticated Denial of Service in Server: DML

CVE-2025-21587 HIGH

Oracle Java SE 8u441, 11.0.26, 17.0.14, 21.0.6, 24; GraalVM - Unauthenticated Access Control in JSSE

CVE-2025-21586 MEDIUM

Oracle JD Edwards EnterpriseOne Tools 9.2.0.0-9.2.9.2 - Authenticated Improper Access Control in Web Runtime SEC

CVE-2025-21573 MEDIUM

Oracle Financial Services Revenue Man... - Improper Access Control

CVE-2025-29705 MEDIUM

code-gen <= 2.0.6 - Unauthenticated Incorrect Access Control

CVE-2025-29984 MEDIUM

Dell Trusted Device <7.0.3.0 - Privilege Escalation

CVE-2025-31494 LOW

AutoGPT Platform < 0.6.1 - Unauthorized Data Access via WebSocket API Subscription

CVE-2025-3593 MEDIUM

My-Blog-layui 1.0 - Unrestricted File Upload via Admin Upload Endpoint

CVE-2025-3585 MEDIUM

westboy CicadasCMS 1.0 - Unrestricted File Upload via JSP Parser

CVE-2025-3566 HIGH

veal98 XiaoNiuRou Echo 4.2 - Unrestricted Upload

CVE-2025-3565 MEDIUM

huanfenz StudentManager 1.0 - Unrestricted File Upload via Announcement Management Section

CVE-2025-3558 MEDIUM

ghostxbh uzy-ssm-mall 1.0.0 - Unrestricted File Upload via /mall/user/uploadUserHeadImage

Previous Page 76 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy