Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-31881 HIGH

runtipi < 4.8.0 - Unauthenticated Password Reset and Account Takeover via /api/auth/reset-password Endpoint

CVE-2026-27897 CRITICAL

Vociferous < 4.4.2 - Unauthenticated Path Traversal and Arbitrary File Write via Export File Route

CVE-2026-30933 HIGH

FileBrowser Quantum <1.3.1-beta/1.2.2-stable - Info Disclosure

CVE-2026-2339 HIGH

TUBITAK BILGEM Liderahenk <3.4.0 - Auth Bypass

CVE-2026-23662 HIGH

Azure IoT Explorer < 0.15.13 - Unauthenticated Information Disclosure

CVE-2026-30885 MEDIUM

WWBN AVideo <25.0 - Info Disclosure

CVE-2026-1920 MEDIUM

Booking Calendar for Appointments 1.0.16 - Auth Bypass

CVE-2026-1919 MEDIUM

Booking Calendar for Appointments 1.0.16 - Info Disclosure

CVE-2026-30824 CRITICAL

Flowise < 3.0.13 - Unauthenticated Privileged Endpoint Access via NVIDIA NIM Router Whitelist

CVE-2026-25071 HIGH

XikeStor SKS8310-8X <1.04.B07 - Auth Bypass

CVE-2026-30846 HIGH

Wekan 8.31.0-8.33 - Info Disclosure

CVE-2026-26288 CRITICAL

OCPP WebSocket - Privilege Escalation

CVE-2026-2754 HIGH

Navtor NavBox 4.12.0.3 and 4.16.2.4 - Unauthenticated Sensitive Data Exposure via HTTP API Endpoints

CVE-2026-26051 CRITICAL

OCPP WebSocket - Privilege Escalation

CVE-2026-27603 HIGH

Chartbrew < 4.8.4 - Unauthenticated Data Access via Chart Filter Endpoint

CVE-2026-22552 CRITICAL

OCPP WebSocket - Privilege Escalation

CVE-2026-26125 HIGH

Payment Orchestrator Service - Privilege Escalation

CVE-2026-29613 MEDIUM

OpenClaw < 2026.2.12 - Unauthenticated Webhook Authentication Bypass via Loopback RemoteAddress Trust

CVE-2026-29606 MEDIUM

OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility

CVE-2026-28485 HIGH

OpenClaw 2026.1.5-2026.2.12 - Auth Bypass

CVE-2026-28472 HIGH

OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake

CVE-2026-28468 HIGH

OpenClaw 2026.1.29-beta.1-2026.2.14 - Unauthenticated Browser Control Endpoint Access via Sandbox Bridge Server

CVE-2026-28458 HIGH

OpenClaw <2026.2.1 - Info Disclosure

CVE-2026-28450 MEDIUM

OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints

CVE-2026-27944 CRITICAL

nginxui/nginx_ui < 2.3.3 - Unauthenticated Sensitive Data Exposure via Backup Endpoint

Previous Page 12 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy