Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-12183 CRITICAL

Nefteprodukttekhnika LLC Buk Ts-g Gas Station Automation System < 2.10.2 - Improper Authentication

CVE-2026-53868 HIGH

Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

CVE-2026-50287 HIGH

Missing Authentication for Critical Function in @agenticmail/mcp

CVE-2026-53981 HIGH

Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

CVE-2026-50085 HIGH

Aqara Board IoT insecure debug API

CVE-2026-50082 MEDIUM

Aqara Developer Portal insecure authentication token

CVE-2026-8694 MEDIUM

Improper access control on the API documentation endpoint in PowerShell Universal

CVE-2026-11848 MEDIUM

IEI Integration Corp｜ iRM-IEI Remote Management - Missing Authentication

CVE-2026-11535 CRITICAL

Vivo PcSuite - Missing Authentication for Critical Function

CVE-2026-50245 HIGH

Brickcom Cameras Missing Authentication for Critical Function

CVE-2026-49973 CRITICAL

Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings

CVE-2026-35273 CRITICAL KEV

PeopleSoft Enterprise PeopleTools 8.61-8.62 - Unauthenticated Remote Code Execution via Updates Environment Management

CVE-2026-46612 HIGH

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

CVE-2026-20253 CRITICAL

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

CVE-2026-45567 HIGH

Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

CVE-2026-9045 HIGH

Lenovo Accessories And Display Manager For Enterprise < 1.0.9 - Missing Authentication for Critical Function

CVE-2026-8335 HIGH

Aix-DB <= 1.2.4 - Missing Authentication on LLM SQL Query Endpoint

CVE-2026-53469 CRITICAL

Migration-planner: unprotected delete endpoint wipes all tenant data

CVE-2026-50512 HIGH

Microsoft PC Manager Elevation of Privilege Vulnerability

CVE-2026-9212 MEDIUM

Insufficient authentication and input validation in certain NETGEAR products

CVE-2026-50507 MEDIUM

Microsoft Windows 10 Version 1607 - Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-47281 CRITICAL

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2026-11429 CRITICAL

Path Traversal in Altium Git Service Allows Remote Code Execution

CVE-2026-11420 CRITICAL

Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

CVE-2026-45327 HIGH

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

Page 1 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy