CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306
CVE-2026-2165 HIGH
detronetdip E-commerce 1.0.0 - Info Disclosure
CVSS 7.3
CVE-2026-25593 HIGH
OpenClaw < 2026.1.20 - Unauthenticated OS Command Injection via Gateway WebSocket API
CVSS 8.4
CVE-2026-2065 MEDIUM
Flycatcher Toys smART Pixelator 2.0 - Auth Bypass
CVSS 6.3
CVE-2026-25751 HIGH
FUXA < 1.2.10 - Unauthenticated Information Disclosure of Database Credentials
CVSS 7.5
CVE-2026-25505 CRITICAL
bambuddy < 0.1.7 - Unauthenticated Use of Hard-coded Cryptographic Key
CVSS 9.8
CVE-2026-1633 CRITICAL
Synectix LAN 232 TRIO - Info Disclosure
CVSS 10.0
CVE-2026-1632 CRITICAL
MOMA Seismic Station <v2.4.2520 - Info Disclosure
CVSS 9.1
CVE-2026-1341 CRITICAL
Avation Light Engine Pro - Info Disclosure
CVE-2026-25137 CRITICAL
NixOs Odoo <25.11-26.05 - Info Disclosure
CVSS 9.1
CVE-2026-24728 CRITICAL
Interinfo DreamMaker <2025/10/22 - Auth Bypass
CVE-2026-25116 HIGH
runtipi 4.5.0-4.7.1 - Unauthenticated Path Traversal and Remote Code Execution via UserConfigController
CVSS 7.6
CVE-2026-1453 CRITICAL
KiloView Encoder Series - Privilege Escalation
CVSS 9.8
CVE-2026-1410 MEDIUM
Beetel 777VR1 < 01.00.09_55 - Improper Authentication via UART Interface
CVSS 6.4
CVE-2026-24423 CRITICAL KEV
SmarterTools SmarterMail <9511 - RCE
CVSS 9.8
CVE-2026-1364 CRITICAL
JNC IAQS and I6 - Unauthenticated Missing Authentication for Critical Function
CVSS 9.8
CVE-2026-0778 HIGH
Enel X JuiceBox 40 - Unauthenticated Remote Code Execution via Telnet Service
CVSS 8.8
CVE-2026-24124 CRITICAL
Dragonfly <2.4.1-rc.0 - Info Disclosure
CVSS 9.8
CVE-2026-1332 MEDIUM
MeetingHub Paperless Meetings < 2025-12-10 - Unauthenticated API Access
CVSS 5.3
CVE-2026-23944 CRITICAL
Arcane < 1.13.2 - Unauthenticated Remote Environment Access via Proxy Middleware
CVSS 9.8
CVE-2026-23744 CRITICAL
MCPJam inspector < 1.4.3 - Remote Code Execution via HTTP Request
CVSS 9.8
CVE-2026-0942 MEDIUM
Rede Itaú for WooCommerce <5.1.2 - Auth Bypass
CVSS 5.3
CVE-2026-1023 HIGH
Gotac Statistics Database System < 1.0.4 - Unauthenticated Database Query Access
CVSS 7.5
CVE-2026-1019 CRITICAL
Gotac Police Statistics Database System < 1.0.3 - Unauthenticated Database Manipulation via Specific Functionality
CVSS 9.8
CVE-2026-23746 CRITICAL
Entrust Instant Financial Issuance (IFI) On Premise <6.10.5-6.11.1 ...
CVE-2026-22238 CRITICAL
BLUVOYIX - Unauthenticated Privilege Escalation via Admin API
CVSS 9.8