CWE-284— Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.— MITRE CWE catalog
4,712 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284page 90 of 95
- CVE-2026-46919CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with n…
- CVE-2026-46920HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with…
- CVE-2026-46921HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with ne…
- CVE-2026-46922HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker wit…
- CVE-2026-46925HIGHCVSS 8.3EG 8.32026-06-17
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with…
- CVE-2026-46926HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with lo…
- CVE-2026-46927HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with …
- CVE-2026-46929HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with netwo…
- CVE-2026-46930CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability …
- CVE-2026-46931HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged a…
- CVE-2026-46932HIGHCVSS 7.1EG 7.12026-06-17
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged a…
- CVE-2026-46933CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker…
- CVE-2026-46934HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows l…
- CVE-2026-46935HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows l…
- CVE-2026-46938HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with netw…
- CVE-2026-46939HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged atta…
- CVE-2026-46940HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with netwo…
- CVE-2026-46942HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low p…
- CVE-2026-46944CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with netwo…
- CVE-2026-46945CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with netwo…
- CVE-2026-46946CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with netwo…
- CVE-2026-46947HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged a…
- CVE-2026-46949CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated …
- CVE-2026-46950HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged a…
- CVE-2026-46956HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker wi…
- CVE-2026-46957HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker w…
- CVE-2026-46958HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attack…
- CVE-2026-46959HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attack…
- CVE-2026-46960HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged a…
- CVE-2026-46963CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
- CVE-2026-46964CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
- CVE-2026-46965HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
- CVE-2026-46966HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows l…
- CVE-2026-46967HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privi…
- CVE-2026-46969HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker…
- CVE-2026-46971HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker wi…
- CVE-2026-46974HIGHCVSS 7.5EG 7.52026-06-17
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastru…
- CVE-2026-46976HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attack…
- CVE-2026-46978CRITICALCVSS 10.0EG 10.02026-06-17
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access…
- CVE-2026-46979MEDIUMCVSS 6.5EG 6.52026-06-17
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privilege…
- CVE-2026-47164HIGHCVSS 7.7EG 7.72026-07-15
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP email_verified claim only for new-user creation and not when SSO_SIGNUPS_MATCH_EMAIL=true linked an IdP identity to…
- CVE-2026-47182MEDIUMCVSS 5.3EG 5.32026-06-12
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.
- CVE-2026-47200MEDIUMCVSS 5.3EG 5.32026-05-29
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experim…
- CVE-2026-47261HIGHCVSS 7.5EG 7.52026-06-05
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the…
- CVE-2026-47269HIGHCVSS 7.4EG 7.42026-05-27
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request originates from a remote session. The out…
- CVE-2026-47279MEDIUMCVSS 6.9EG 6.92026-06-05
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holdi…
- CVE-2026-47301HIGHCVSS 8.8EG 8.82026-07-14
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
- CVE-2026-47366HIGHCVSS 7.2EG 7.22026-06-12
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in p…
- CVE-2026-47647CRITICALCVSS 9.9EG 9.92026-06-18
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
- CVE-2026-47907HIGHCVSS 8.6EG 8.22026-06-09
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execut…
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →