This page collects WhisperX intelligence signals tagged #CWE-284. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical broken access control vulnerability has been identified in the application's routing layer, permitting unauthenticated actors to execute database reset operations. The flaw, catalogued as CWE-284 under pattern DEEP-002, exists in the `/admin/db-reset` endpoint at line 45 of `app/routes.py`. The exposed funct...
A critical access control failure in a WordPress plugin allows any authenticated user with Subscriber privileges to retrieve all admin-level notices, including those containing sensitive security information. The vulnerability, cataloged as [VULN-1-001], exposes plugin vulnerability alerts, failed login summaries, data...