CWE-284 · Improper Access Control
5325 CVEs classified under CWE-284 (Improper Access Control). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-46978 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easi… |
| CVE-2026-35308 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions that are affected are… |
| CVE-2026-35307 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0… |
| CVE-2026-46695 | Critical | 10.0 | 2026-06-10 | Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prio… |
| CVE-2026-46840 | Critical | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulne… |
| CVE-2026-34908 | Critical | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to t… |
| CVE-2026-34234 | Critical | 10.0 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerabl… |
| CVE-2026-34444 | Critical | 10.0 | 2026-04-06 | Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed thro… |
| CVE-2026-33478 | Critical | 10.0 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to all… |
| CVE-2026-32737 | Critical | 10.0 | 2026-03-18 | Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub… |
| CVE-2026-30966 | Critical | 10.0 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20, Parse Server's inter… |
| CVE-2026-2768 | Critical | 10.0 | 2026-02-24 | Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-21962 | Critical | 10.0 | 2026-01-20 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for… |
| CVE-2026-21636 | Critical | 10.0 | 2026-01-20 | A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabled. Even without `-… |
| CVE-2026-0881 | Critical | 10.0 | 2026-01-13 | Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. |
| CVE-2025-54339 | Critical | 10.0 | 2025-11-14 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for E… |
| CVE-2025-29270 | Critical | 10.0 | 2025-10-31 | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin pan… |
| CVE-2025-54914 | Critical | 10.0 | 2025-09-04 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-26615 | Critical | 10.0 | 2025-02-18 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA appl… |
| CVE-2024-22216 | Critical | 10.0 | 2024-01-08 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system mana… |