Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,075 vulnerabilities with CWE-284

CVE-2026-45301 HIGH

Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file

CVE-2026-44556 HIGH

Open WebUI: responses passthrough endpoint lacks access control authorization

CVE-2026-44774 CRITICAL

Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

CVE-2026-7373 HIGH

Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading

CVE-2026-8586 MEDIUM

Google Chrome < 148.0.7778.168 - Local Discretionary Access Control Bypass via Malicious File

CVE-2026-8566 MEDIUM

Google Chrome < 148.0.7778.168 - Insufficient Policy Enforcement in Payments

CVE-2026-8556 LOW

Google Chrome < 148.0.7778.168 - Cross-Origin Data Leak via ANGLE Implementation

CVE-2026-8545 LOW

Google Chrome < 148.0.7778.168 - Cross-Origin Data Leak via Compositing Object Corruption

CVE-2026-24711 MEDIUM

CFEngine Enterprise <3.21.8, 3.24.3, 3.27.0 - Incorrect Access Control

CVE-2026-44478 HIGH

hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token

CVE-2026-33381 MEDIUM

Users can generate Service Account tokens after permissions removal

CVE-2026-33377 HIGH

Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

CVE-2026-28374 MEDIUM

IDOR in Annotations API allows unprivileged users to DELETE annotation

CVE-2026-44007 CRITICAL

vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution

CVE-2026-36738 MEDIUM

U-SPEED AC1200 T18-21K V1.0 - Incorrect Access Control

CVE-2026-44352 MEDIUM

Flowsint: Broken Access Control allows reading of sketch logs from any user

CVE-2026-44341 MEDIUM

GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

CVE-2026-42158 LOW

Flowsint: Broken Access Control allows modification of investigation metadata from any user

CVE-2026-44874 MEDIUM

Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

CVE-2026-44225 CRITICAL

Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

CVE-2026-44277 CRITICAL

FortiAuthenticator 8.0.0-8.0.2, 6.5.0-6.5.6, 6.6.0-6.6.8, 6.4.0-6.4.10 - Improper Access Control

CVE-2026-42832 HIGH

Microsoft Office Spoofing Vulnerability

CVE-2026-42823 CRITICAL

Azure Logic Apps Elevation of Privilege Vulnerability

CVE-2026-42177 MEDIUM

linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

CVE-2026-41614 MEDIUM

M365 Copilot for Desktop Spoofing Vulnerability

Previous Page 8 of 203 Next

Details

Vulnerabilities 5,075

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy