CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284
CVE-2025-0460 HIGH
Blog Botz for Journal Theme 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-0403 MEDIUM
1902756969 reggie 1.0 - Info Disclosure
CVSS 5.3
CVE-2025-0402 MEDIUM
reggie 1.0 - Unrestricted File Upload in CommonController
CVSS 6.3
CVE-2025-0399 MEDIUM
StarSea99 starsea-mall 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-21380 HIGH
Azure Marketplace - Improper Access Control
CVSS 8.8
CVE-2025-0346 MEDIUM
code-projects CMS 1.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-0341 MEDIUM
CampCodes Computer Laboratory Management System 1.0 - Unrestricted File Upload via e_photo Parameter
CVSS 6.3
CVE-2025-0335 MEDIUM
code-projects Online Bike Rental System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-0227 MEDIUM
Tsinghua Unigroup Electronic Archives System 3.2.210802 - Info Disc...
CVSS 4.3
CVE-2025-0226 MEDIUM
Tsinghua Unigroup Electronic Archives System 3.2.210802 - Info Disc...
CVSS 4.3
CVE-2025-0224 MEDIUM
Provision-ISR - Info Disclosure
CVSS 5.3
CVE-2025-0213 MEDIUM
Campcodes Project Management System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-0206 MEDIUM
code-projects Online Shoe Store 1.0 - Info Disclosure
CVSS 5.3
CVE-2024-27891 MEDIUM
Arista EOS MACsec Egress ACLs - Access Control Bypass
CVSS 5.3
CVE-2024-36323 HIGH
AMD Radeon RX 7000 Series - Unauthorized Access
CVE-2024-52911 HIGH
Bitcoin Core 0.14-28.x - Auth Bypass
CVSS 7.5
CVE-2024-44303 HIGH
macOS < 15.1 - Unauthorized File System Modification
CVSS 7.5
CVE-2024-44219 HIGH
macOS < 15.1 - Unprotected User Data Exposure via Permissions Issue
CVSS 7.5
CVE-2024-40858 HIGH
macOS < 15.1 - Unauthorized Contacts Access
CVSS 7.1
CVE-2024-55025 MEDIUM
Weintek cMT-3072XH2 v2.1.53 - Auth Bypass
CVSS 6.5
CVE-2024-55019 HIGH
Weintek cMT-3072XH2 v2.1.53 - Auth Bypass
CVSS 7.5
CVE-2024-54556 LOW
iPadOS < 18.1 - Unprotected User Data Exposure via Lock Screen
CVSS 2.4
CVE-2024-44210 LOW
macOS < 15.1 - Unprotected User Data Exposure via Improper Access Control
CVSS 3.3
CVE-2024-45432 HIGH
OpenSynergy BlueSDK <=6.x - Code Injection
CVSS 7.5
CVE-2024-46916 HIGH
Diebold Nixdorf Vynamic Security Suite <= 4.3.0sr06 - Improper Access Control via Early Filesystem Deletion
CVSS 8.1
Details
Vulnerabilities 5,300
Links
MITRE CWE Entry Search this CWE With Exploits