CWE-284: Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Total CVEs: 1,314
Critical: 218
High: 559
Average CVSS: 7.2
In CISA KEV: 2

Yearly Trend (CVEs per year)

2026: 125
2025: 669
2024: 305
2023: 121
2022: 36

Top Affected Vendors (rank, vendor, CVE count)

1. Microsoft: 84
2. Apple: 79
3. Oracle: 57
4. Intel: 32
5. Cisco: 22
6. Adobe: 21
7. Dell: 20
8. Fabian: 17
9. Mattermost: 12
10. Campcodes: 11

All Improper Access Control CVEs (1,314)

CVE-2026-20642 (CVSS 2.4, Feb 11, 2026)
An input validation vulnerability in iOS/iPadOS allows someone with physical access to a locked device to view photos from the lock screen. This affec...

CVE-2024-54556 (CVSS 2.4, Jan 16, 2026)
This vulnerability allows a user to view restricted content from the lock screen on Apple iOS and iPadOS devices due to improper state management. It ...

CVE-2025-43408 (CVSS 2.4, Nov 4, 2025)
This vulnerability allows attackers with physical access to a locked macOS device to access contacts from the lock screen. It affects macOS users runn...

CVE-2025-43309 (CVSS 2.4, Nov 4, 2025)
This CVE describes a lock screen notification vulnerability in iOS/iPadOS where an attacker with physical access can view notification contents that s...

CVE-2025-24314 (CVSS 2.2, Nov 11, 2025)
An improper access control vulnerability in Intel CIP software allows unprivileged software running with a privileged user to potentially expose data ...

CVE-2025-32037 (CVSS 2.0, Nov 11, 2025)
CVE-2025-32037 is an improper access control vulnerability in Intel PresentMon versions before 2.3.1 that allows a local attacker with privileged acce...

CVE-2026-21627 (CVSS N/A, Feb 20, 2026)
This vulnerability in the Tassos Framework plugin for Joomla allows unauthorized access to internal framework functionality through AJAX requests. Att...

CVE-2025-6592 (CVSS N/A, Feb 2, 2026)
This vulnerability in Wikimedia Foundation's AbuseFilter allows improper access control through the AuthManager.php component. It affects systems runn...

CVE-2025-14338 (CVSS N/A, Jan 14, 2026)
A race condition in Polkit authorization checks before version 0.69.0 can allow privilege escalation when Polkit authentication is disabled by default...

CVE-2025-11901 (CVSS N/A, Dec 17, 2025)
An uncontrolled resource consumption vulnerability in certain ASUS motherboards with Intel chipsets allows physical attackers to install malicious dev...

CVE-2025-66509 (CVSS N/A, Dec 4, 2025)
CVE-2025-66509 is a critical vulnerability in LaraDashboard that allows attackers to redirect password reset tokens to attacker-controlled servers. Wh...

CVE-2025-66223 (CVSS N/A, Nov 29, 2025)
OpenObserve versions before 0.16.0 have an access control vulnerability where organization invitation tokens never expire, remain valid after user rem...

CVE-2025-64483 (CVSS N/A, Nov 21, 2025)
This vulnerability allows authenticated users with read-only API roles in Wazuh to retrieve agent enrollment credentials through the /utils/configurat...

CVE-2025-10847 (CVSS N/A, Oct 1, 2025)
DX Unified Infrastructure Management (Nimsoft/UIM) has an improper ACL handling vulnerability in its robot controller component that allows remote att...

About Improper Access Control (CWE-284)

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Our database tracks 1,314 CVEs classified as CWE-284, with 218 rated critical and 559 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.

External reference: CWE-284 on MITRE CWE (https://cwe.mitre.org/data/definitions/284.html)
