Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-33017 CRITICAL KEV

Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

CVE-2026-21992 CRITICAL

Oracle Identity Manager 12.2.1.4.0 - RCE

CVE-2026-32985 CRITICAL

Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution

CVE-2026-22731 HIGH

Authentication Bypass under Actuator Health groups paths

CVE-2026-32041 MEDIUM

OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

CVE-2026-24062 HIGH

Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center

CVE-2026-2603 HIGH

Keycloak: keycloak: unauthorized authentication via disabled saml identity provider

CVE-2026-22174 MEDIUM

OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe

CVE-2026-22727 HIGH

Cloud Foundry unprotected internal endpoints

CVE-2026-1264 HIGH

IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls

CVE-2026-3207 CRITICAL

TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability

CVE-2026-32297 HIGH

Angeet ES3 KVM unauthenticated arbitrary file write

CVE-2026-32296 HIGH

Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

CVE-2026-32291 MEDIUM

GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console

CVE-2026-4312 CRITICAL

DrangSoft｜GCB/FCB Audit Software - Missing Authentication

CVE-2026-4187 MEDIUM

Tiandy Easy7 Integrated Management Platform 7.17.0 - Missing Authentication via Device Identifier Handler

CVE-2026-3558 HIGH

Philips Hue Bridge - Unauthenticated Authentication Bypass via HomeKit Accessory Protocol Transient Pairing Mode

CVE-2026-32594 HIGH

Parse Server GraphQL WebSocket endpoint bypasses security middleware

CVE-2026-2491 MEDIUM

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

CVE-2026-20995 MEDIUM

Samsung Mobile Smart Switch - Auth Bypass

CVE-2026-31944 HIGH

LibreChat 0.8.2-0.8.2-rc3 - Auth Bypass

CVE-2026-31882 HIGH

dagu < 2.2.4 - Unauthenticated Information Disclosure via Server-Sent Events Endpoints

CVE-2026-22192 CRITICAL

wpDiscuz <7.6.47 - Stored XSS

CVE-2026-3611 CRITICAL

Honeywell IQ4x 3.50_3.44-4.36 (build 4.3.7.9) - Unauthenticated Account Creation and Privilege Escalation via U.htm

CVE-2026-32231 HIGH

ZeptoClaw < 0.7.6 - Unauthenticated Message Spoofing and Session Routing Abuse via Webhook Identity Fields

Previous Page 11 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy