CWE-284— Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.— MITRE CWE catalog
4,712 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284page 88 of 95
- CVE-2026-46441CRITICALCVSS 9.6EG 9.62026-06-08
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users …
- CVE-2026-46461HIGHCVSS 7.8EG 7.82026-06-19
Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
- CVE-2026-46485HIGHCVSS 8.2EG 8.22026-07-15
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality des…
- CVE-2026-46614CRITICALCVSS 9.8EG 9.82026-05-21
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-functi…
- CVE-2026-46695CRITICALCVSS 10.0EG 10.02026-05-21
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available …
- CVE-2026-46699HIGHCVSS 7.6EG 7.62026-06-18
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended…
- CVE-2026-46733HIGHCVSS 7.8EG 7.82026-06-25
Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code executio…
- CVE-2026-46765CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46766CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated at…
- CVE-2026-46767CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46768MEDIUMCVSS 6.0EG 6.02026-06-17
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the in…
- CVE-2026-46769HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Shared Components). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerabil…
- CVE-2026-46770MEDIUMCVSS 6.1EG 6.12026-06-17
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability…
- CVE-2026-46771MEDIUMCVSS 4.1EG 4.12026-06-17
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Java Business Objects). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerab…
- CVE-2026-46772MEDIUMCVSS 4.7EG 4.72026-06-17
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows…
- CVE-2026-46773CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker…
- CVE-2026-46774CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker…
- CVE-2026-46775CRITICALCVSS 9.9EG 9.92026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST …
- CVE-2026-46776HIGHCVSS 8.6EG 8.62026-06-17
Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker…
- CVE-2026-46777CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated at…
- CVE-2026-46779CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low priv…
- CVE-2026-46782CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low priv…
- CVE-2026-46784CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker w…
- CVE-2026-46788HIGHCVSS 8.4EG 8.42026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with ne…
- CVE-2026-46791HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ne…
- CVE-2026-46792CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low priv…
- CVE-2026-46793CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged at…
- CVE-2026-46795CRITICALCVSS 9.3EG 9.32026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ne…
- CVE-2026-46797CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated att…
- CVE-2026-46802CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged …
- CVE-2026-46805CRITICALCVSS 9.3EG 9.32026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ne…
- CVE-2026-46808HIGHCVSS 8.7EG 8.72026-06-17
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with net…
- CVE-2026-46809CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated att…
- CVE-2026-46810MEDIUMCVSS 6.5EG 6.52026-06-17
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated att…
- CVE-2026-46812MEDIUMCVSS 6.1EG 6.12026-06-17
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticate…
- CVE-2026-46814CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged …
- CVE-2026-46818HIGHCVSS 7.4EG 7.42026-05-28
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with netwo…
- CVE-2026-46819CRITICALCVSS 9.1EG 9.12026-05-28
Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticat…
- CVE-2026-46820HIGHCVSS 8.5EG 8.52026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attac…
- CVE-2026-46821HIGHCVSS 7.7EG 7.72026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attac…
- CVE-2026-46822CRITICALCVSS 9.9EG 9.92026-05-28
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network…
- CVE-2026-46824CRITICALCVSS 9.9EG 9.92026-05-28
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
- CVE-2026-46825MEDIUMCVSS 6.0EG 6.02026-06-17
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the in…
- CVE-2026-46827HIGHCVSS 8.8EG 8.82026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with networ…
- CVE-2026-46828HIGHCVSS 8.1EG 8.12026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network…
- CVE-2026-46832CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privi…
- CVE-2026-46838CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged …
- CVE-2026-46839CRITICALCVSS 9.9EG 9.92026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST …
- CVE-2026-46840CRITICALCVSS 10.0EG 10.02026-05-28
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compro…
- CVE-2026-46842MEDIUMCVSS 5.3EG 5.32026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST…
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →