CWE-284: Improper Access Control — known CVE vulnerabilities
CVEs classified under CWE-284 (Improper Access Control), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-50746 — CVSS 10.0 (critical): A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to…
CVE-2026-46978 — CVSS 10.0 (critical): Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is…
CVE-2026-35308 — CVSS 10.0 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions…
CVE-2026-35307 — CVSS 10.0 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2026-46695 — CVSS 10.0 (critical): Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run…
CVE-2026-46840 — CVSS 10.0 (critical): Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0…
CVE-2026-34444 — CVSS 10.0 (critical): Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when…
CVE-2026-32737 — CVSS 10.0 (critical): Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and…
CVE-2026-30966 — CVSS 10.0 (critical): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.7 and 8.6.20…
CVE-2026-2768 — CVSS 10.0 (critical): Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2026-21962 — CVSS 10.0 (critical): Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic…
CVE-2026-21636 — CVSS 10.0 (critical): A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is…
CVE-2026-0881 — CVSS 10.0 (critical): Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
CVE-2025-54339 — CVSS 10.0 (critical): An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2…
CVE-2024-22216 — CVSS 10.0 (critical): In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured…
CVE-2023-22600 — CVSS 10.0 (critical): InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain…
CVE-2021-40112 — CVSS 10.0 (critical): Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical…
CVE-2020-12030 — CVSS 10.0 (critical): There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables…
CVE-2020-12493 — CVSS 10.0 (critical): An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without…
CVE-2017-7928 — CVSS 10.0 (critical): An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway…
CVE-2015-2692 — CVSS 10.0 (critical): AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.
CVE-2016-8938 — CVSS 10.0 (critical): IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This…
CVE-2016-1044 — CVSS 10.0 (critical): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC…
CVE-2016-1041 — CVSS 10.0 (critical): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC…
CVE-2016-1038 — CVSS 10.0 (critical): Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC…
CVE-2015-5053 — CVSS 10.0 (critical): The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before…
CVE-2015-1920 — CVSS 10.0 (critical): IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote…
CVE-2015-3306 — CVSS 10.0 (critical): The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
CVE-2015-3074 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3073 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3072 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3071 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3069 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3068 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3067 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3066 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3065 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3064 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3063 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3062 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3061 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-3060 — CVSS 10.0 (critical): Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on…
CVE-2015-0929 — CVSS 10.0 (critical): time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass…
CVE-2014-6626 — CVSS 10.0 (critical): Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions…
CVE-2026-47647 — CVSS 9.9 (critical): Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
CVE-2026-46963 — CVSS 9.9 (critical): Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration)…
CVE-2026-46918 — CVSS 9.9 (critical): Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Internal Operations)…
CVE-2026-46908 — CVSS 9.9 (critical): Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported…