Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

4,788 vulnerabilities with CWE-284

CVE-2026-20697 MEDIUM

macOS <14.8.5 - Privilege Escalation

CVE-2026-20632 MEDIUM

Apple macOS <26.4 - Info Disclosure

CVE-2026-20622 HIGH

macOS <15.7.4 - Info Disclosure

CVE-2026-33316 HIGH

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

CVE-2026-33484 HIGH

Langflow has Unauthenticated IDOR on Image Downloads

CVE-2026-33309 CRITICAL

Langflow has an Arbitrary File Write (RCE) via v2 API

CVE-2026-32299 HIGH

Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

CVE-2026-0898 CRITICAL

Pega Browser Extension for Pega Robot Studio 22.1 and R25 - Arbitrary File Write

CVE-2026-33478 CRITICAL

AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection

CVE-2026-4586 MEDIUM

CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload

CVE-2026-4628 MEDIUM

Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

CVE-2026-4536 HIGH

Acrel Environmental Monitoring Cloud Platform unrestricted upload

CVE-2026-4514 MEDIUM

PbootCMS Backend UserController.php access control

CVE-2026-4505 MEDIUM

eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

CVE-2026-32768 CRITICAL

Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

CVE-2026-32938 CRITICAL

SiYuan has an Arbitrary File Read in its Desktop Publish Service

CVE-2026-33062 HIGH

free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

CVE-2026-32769 CRITICAL

Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace

CVE-2026-32761 MEDIUM

File Browser has an Authorization Policy Bypass in its Public Share Download Flow

CVE-2026-32760 CRITICAL

File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin

CVE-2026-33393 MEDIUM

Discourse fixes loose hostname matching in spam host allowlist

CVE-2026-32752 NONE

FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages

CVE-2026-32038 CRITICAL

OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter

CVE-2026-32737 CRITICAL

Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

CVE-2026-32693 HIGH

Unauthorized access to Kubernetes secrets in Juju

Previous Page 9 of 192 Next

Details

Vulnerabilities 4,788

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy