Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2025-1881 MEDIUM

i-Drive i11-i12 <20250227 - Improper Access Controls

CVE-2025-25950 HIGH

Academia Student Information System EagleR 1.0.118 - Improper Access Control in /rest/staffResource/update

CVE-2025-25948 CRITICAL

Academia Student Information System EagleR 1.0.118 - Improper Access Control in Staff Resource Creation

CVE-2025-1835 MEDIUM

osuuu LightPicture 1.2.2 - Unrestricted Upload

CVE-2025-1834 MEDIUM

zj1983 zz <2024-8 - Unrestricted Upload

CVE-2025-1818 MEDIUM

zj1983 zz <2024-8 - Unrestricted Upload

CVE-2025-1791 MEDIUM

Zorlan SkyCaiji 2.9 - Unrestricted Upload

CVE-2025-25730 MEDIUM

Motorola Mobility Droid Razr HD - Info Disclosure

CVE-2025-1646 HIGH

Lumsoft ERP 8 - Unrestricted Upload

CVE-2025-27140 CRITICAL

WeGIA < 3.2.15 - OS Command Injection via importar_dump.php Endpoint

CVE-2025-1606 MEDIUM

Best Employee Management System 1.0 - Information Disclosure in Backup File Handler

CVE-2025-1598 MEDIUM

Best Church Management Software 1.0 - Unauthenticated Arbitrary File Upload via photo1 Parameter

CVE-2025-1595 MEDIUM

Anhui Xufan Information Technology EasyCVR <2.7.0 - Info Disclosure

CVE-2025-1593 MEDIUM

Best Employee Management System 1.0 - Unrestricted File Upload in Profile Picture Handler

CVE-2025-1590 MEDIUM

SourceCodester E-Learning System 1.0 - Unrestricted File Upload in List of Lessons Page

CVE-2025-1555 HIGH

hzmanyun Education and Training System 3.1.1 - Unrestricted File Upload via saveImage Function

CVE-2025-25968 MEDIUM

DDSN Interactive cm3 Acora CMS 10.1.1 - Improper Access Control via File Parameter

CVE-2025-21105 MEDIUM

Dell RecoverPoint for Virtual Machines 6.0.X - Authenticated Command Execution via Binary

CVE-2025-24989 HIGH KEV

Microsoft Power Pages - Unauthenticated Privilege Escalation via Registration Control Bypass

CVE-2025-20153 MEDIUM

Cisco Secure Email Gateway - Auth Bypass

CVE-2025-0968 MEDIUM

ElementsKit Elementor Addons < 3.4.0 - Unauthenticated Sensitive Information Exposure via get_megamenu_content()

CVE-2025-26617 CRITICAL

WeGIA < 3.2.14 - SQL Injection via historico_paciente.php Endpoint

CVE-2025-26616 HIGH

WeGIA < 3.2.14 - Path Traversal via exportar_dump.php Endpoint

CVE-2025-26615 CRITICAL

WeGIA < 3.2.14 - Path Traversal via examples.php Endpoint

CVE-2025-26613 CRITICAL

WeGIA < 3.2.14 - OS Command Injection via gerenciar_backup.php Endpoint

Previous Page 83 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy