Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2026-20803 HIGH

Microsoft SQL Server 2022 and 2025 - Missing Authentication for Critical Function

CVE-2026-0492 HIGH

SAP HANA Database - Privilege Escalation via User Switching

CVE-2026-22812 HIGH

OpenCode <1.0.216 - Command Injection

CVE-2026-22788 HIGH

wem-project/wem < 1.19 - Unauthenticated Sensitive Data Exposure and Limited Write Access via API Endpoints

CVE-2026-0842 MEDIUM

Flycatcher Toys smART Sketcher <2.0 - Missing Authentication

CVE-2026-0650 CRITICAL

OpenFlagr <= 1.1.18 - Unauthenticated Authentication Bypass via Path Normalization

CVE-2026-0625 CRITICAL

D-Link DSL/DIR/DNS - Unauthenticated DNS Configuration Modification via dnscfg.cgi Endpoint

CVE-2026-21446 CRITICAL

Bagisto 2.3.0-2.3.9 - Unauthenticated Admin Account Creation and Configuration Modification via Install API Endpoints

CVE-2026-21445 CRITICAL

Langflow < 1.7.1 - Unauthenticated Sensitive Data Exposure and Destructive Operations via API Endpoints

CVE-2025-71318 CRITICAL

NetMan 204 Missing Authentication for Administrative Functions

CVE-2025-62619 MEDIUM

Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics - Missing Authentication for Critical Function

CVE-2025-27853 HIGH

Garmin WDU v1 1.4.6 & v2 5.0 - Auth Bypass

CVE-2025-13030 HIGH

django-mdeditor < 0.1.20 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload Endpoint

CVE-2025-53847 MEDIUM

Fortinet FortiOS <7.6.3 - Auth Bypass

CVE-2025-30650 MEDIUM

Junos OS: Privileged local user can gain access to a Linux-based FPC as root

CVE-2025-15620 HIGH

HiOS Switch Platform Denial-of-Service via Web Interface

CVE-2025-67805 MEDIUM

Sage DPW 2025_06_004 - Info Disclosure

CVE-2025-15517 HIGH

Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

CVE-2025-71257 HIGH

BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass

CVE-2025-15515 MEDIUM

vivo Easyshare <7.0.11.5 - Info Disclosure

CVE-2025-13779 HIGH

ABB AWIN GW100 rev.2 & GW120 - Auth Bypass

CVE-2025-13778 MEDIUM

ABB AWIN GW100 rev.2 & GW120 - Auth Bypass

CVE-2025-30035 CRITICAL

CGM CLININET - Unauthenticated Authentication Bypass via Username

CVE-2025-15567 LOW

vivo health_module < 5.3.0.0 - Partial Information Disclosure

CVE-2025-15509 MEDIUM

vivo smartremote_module < 5.1.2.0 - Information Disclosure via URL Loading

Previous Page 16 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy