Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-33366 MEDIUM

BUFFALO Wi-Fi router products - Unauthenticated Denial of Service via Forced Reboot

CVE-2026-3527 MEDIUM

AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022

CVE-2026-24068 HIGH

Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

CVE-2026-1724 MEDIUM

Missing Authentication for Critical Function in GitLab

CVE-2026-32326 MEDIUM

Sharp home 5G HR01 <=38JP_0_490 - Auth Bypass

CVE-2026-2417 CRITICAL

Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

CVE-2026-33159 MEDIUM

Craft CMS 4.x and 5.x - Unauthenticated Config Sync Operations

CVE-2026-33340 CRITICAL

LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

CVE-2026-4649 MEDIUM

Auth bypass in Apache Artemis allows reading all internal messages

CVE-2026-4640 HIGH

Galaxy Software Services｜Vitals ESP - Missing Authentication

CVE-2026-33719 HIGH

WWBN AVideo <= 26.0 - Unauthenticated CDN Configuration Modification via par Parameter

CVE-2026-31846 MEDIUM

Nexxt Solutions Nebula 300+ <=12.01.01.37 - Info Disclosure

CVE-2026-4582 MEDIUM

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

CVE-2026-4562 HIGH

MacCMS Timming API Endpoint Timming.php weak authentication

CVE-2026-2756 MEDIUM

OmniPEMF NeoRhythm BLE missing authentication

CVE-2026-32896 MEDIUM

OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

CVE-2026-32064 HIGH

OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer

CVE-2026-33231 HIGH

NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app

CVE-2026-33203 HIGH

SiYuan <3.6.2 WebSocket Auth Keepalive - Denial of Service

CVE-2026-29796 CRITICAL

IGL-Technologies eParking.fi Missing Authentication for Critical Function

CVE-2026-25192 CRITICAL

CTEK Chargeportal Missing Authentication for Critical Function

CVE-2026-22898 CRITICAL

QNAP QVR Pro < 2.7.4.14 - Missing Authentication for Critical Function

CVE-2026-33070 LOW

FileRise has Unauthenticated Share Link Deletion

CVE-2026-4476 MEDIUM

Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

CVE-2026-33038 HIGH

AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments

Previous Page 10 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy