Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2026-23693 CRITICAL

ElementsKit Lite <3.7.9 - Unauthenticated Mailchimp API Proxy Abuse

CVE-2026-27471 CRITICAL

ERP <=15.98.0/16.0.0-rc.1-16.6.0 - Auth Bypass

CVE-2026-26048 HIGH

USR-W610 < 3.1.1.0 - Unauthenticated Denial of Service via Forged Management Frames

CVE-2026-24790 HIGH

Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller - Unauthenticated Remote PLC Manipulation

CVE-2026-26319 HIGH

OpenClaw < 2026.2.14 - Unauthenticated Webhook Spoofing via Missing Telnyx Signature Verification

CVE-2026-27182 HIGH

Saturn Remote Mouse Server - Command Injection

CVE-2026-1670 CRITICAL

Affected Products - Info Disclosure

CVE-2026-2577 CRITICAL

Nanobot WhatsApp Bridge - Auth Bypass

CVE-2026-26333 CRITICAL

Calero VeraSMART <2022 R1 - Unauthenticated Code Injection

CVE-2026-26190 CRITICAL

Milvus < 2.5.27 - Unauthenticated API Access via Exposed TCP Port

CVE-2026-26055 HIGH

Yoke <= 0.19.0 - Unauthenticated WASM Module Execution via ATC Webhook Endpoint

CVE-2026-26235 HIGH

JUNG Smart Visu Server 1.1.1050 - DoS

CVE-2026-1729 CRITICAL

AdForest theme <6.0.12 - Auth Bypass

CVE-2026-25084 CRITICAL

ZLAN5143D >=v1.600 - Unauthenticated Critical Function Access via Direct URL Access

CVE-2026-24789 CRITICAL

ZLAN5143D - Unauthenticated Password Change via Unprotected API Endpoint

CVE-2026-2249 CRITICAL

METIS DFS <oscore 2.1.234-r18 - RCE

CVE-2026-2248 CRITICAL

METIS WIC <= oscore 2.1.234-r18 - RCE

CVE-2026-1603 HIGH KEV

Ivanti Endpoint Manager < 2024 SU5 - Unauthenticated Credential Data Leak

CVE-2026-25938 CRITICAL

FUXA 1.2.8-1.2.10 - Unauthenticated Remote Code Execution via Node-RED Plugin

CVE-2026-25895 CRITICAL

FUXA < 1.2.10 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2026-25885 HIGH

PolarLearn 0-PRERELEASE-16 - Unauthenticated Group Chat Access via WebSocket

CVE-2026-25878 MEDIUM

frosh/adminer-platform < 2.2.1 - Unauthenticated Access to Adminer UI

CVE-2026-25791 HIGH

Sliver < 1.7.0 - Unauthenticated Memory Exhaustion via DNS C2 Listener Session Allocation

CVE-2026-25848 CRITICAL

JetBrains Hub <2025.3.119807 - Auth Bypass

CVE-2026-2234 CRITICAL

HGiga C&Cm@il package olln-base < 7.0-978 - Unauthenticated Mail Content Access and Modification

Previous Page 14 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy