Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-14577 CRITICAL

Slican NCP/IPL/IPM/IPU - Code Injection

CVE-2025-30410 CRITICAL

Acronis Cyber Protect - Info Disclosure

CVE-2025-8350 CRITICAL

BiEticaret CMS 2.1.13-19022026 - Auth Bypass

CVE-2025-14294 MEDIUM

Razorpay for WooCommerce <=4.7.8 - Auth Bypass

CVE-2025-1272 HIGH

Linux Kernel 6.12+ Fedora - Info Disclosure

CVE-2025-70147 HIGH

ProjectWorlds Online Time Table Generator 1.0 - Auth Bypass

CVE-2025-70146 CRITICAL

ProjectWorlds Online Time Table Generator 1.0 - Auth Bypass

CVE-2025-70141 CRITICAL

SourceCodester Customer Support System 1.0 - Auth Bypass

CVE-2025-7706 MEDIUM

Liderahenk 3.0.0-3.3.1 - Auth Bypass

CVE-2025-32063 MEDIUM

BOSCH Infotainment ECU - Info Disclosure

CVE-2025-6792 MEDIUM

WPGuppy plugin <1.1.4 - Info Disclosure

CVE-2025-14349 HIGH

Universal Software Inc. FlexCity/Kiosk <1.0.36 - Privilege Escalation

CVE-2025-8025 CRITICAL

Dinosoft ERP <3.0.1-3.0.1 - Privilege Escalation

CVE-2025-12386 MEDIUM

Pix-Link LV-WR21Q - Info Disclosure

CVE-2025-59097 CRITICAL

dormakaba Access Manager 92xx-k5 and 92xx-k7 - Unauthenticated Configuration Manipulation via SOAP Request

CVE-2025-59090 CRITICAL

Kaba exos 9300 < 4.4.0 - Unauthenticated Information Disclosure via SOAP API

CVE-2025-52024 CRITICAL

Aptsys POS Platform Web Services < 2025-05-28 - Unauthenticated API Exposure via Internal Testing Tools

CVE-2025-54816 CRITICAL

evmapa - Unauthenticated WebSocket Connection

CVE-2025-69285 MEDIUM

fit2cloud SQLBot < 1.5.0 - Unauthenticated Arbitrary Data Injection via Excel/CSV Upload Endpoint

CVE-2025-62582 CRITICAL

DIAView < 4.4.0 - Missing Authentication for Critical Function

CVE-2025-14058 LOW

Lenovo Tab M11 TB330FU TB330XU < 17.0.284 - Missing Authentication for Control Center Settings

CVE-2025-12548 CRITICAL

Eclipse Che che-machine-exec - Unauthenticated Remote Command Execution

CVE-2025-69425 CRITICAL

Ruckus vRIoT IoT Controller <3.0.0.0 - Command Injection

CVE-2025-66049 HIGH

Vivotek IP7137 Firmware 0200a - Unauthenticated Information Disclosure via RTSP

CVE-2025-68716 HIGH

KAYSUS KS-WR3600 Firmware 1.0.5.9.1 - Unauthenticated Root Shell Access via SSH

Previous Page 17 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy