Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-68715 CRITICAL

Panda Wireless PWRU0 <2.2.9 - Privilege Escalation

CVE-2025-65731 MEDIUM

D-Link Router DIR-605L - Command Injection

CVE-2025-15346 CRITICAL

wolfssl-py <= 5.8.2 - Improper Authentication via Missing WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT Flag

CVE-2025-31963 LOW

HCL BigFix IVR 4.2 - Unauthenticated Configuration Change via Local Setup Interface

CVE-2025-14346 CRITICAL

WHILL Model C2 Electric Wheelchair and Model F Power Chair - Unauthenticated Bluetooth Command Injection

CVE-2025-15026 CRITICAL

Centreon Awie 24.04.0-24.04.2 - Unauthenticated Access to ACL-Protected Functionality

CVE-2025-3646 HIGH

Petlibro < 1.7.31 - Unauthenticated Authorization Bypass via Device Share API

CVE-2025-66377 HIGH

Pexip Infinity <39.0 - Privilege Escalation

CVE-2025-3232 HIGH

Mitsubishi Electric Europe smartRTU < 3.37 - Unauthenticated Remote Code Execution via API Route

CVE-2025-66445 HIGH

Hitachi Infrastructure Analytics Advisor <11.0.5.00 - Auth Bypass

CVE-2025-65856 CRITICAL

Xiongmai XM530 IP Cameras V5.00.R02.000807D8.10010.346624.S.ONVIF - Unauthenticated Sensitive Information Exposure

CVE-2025-12049 CRITICAL

Sharp Display Solutions Media Player MP-01 - Unauthenticated Critical Function Access

CVE-2025-14300 HIGH

Tapo C200 V3 < V3_1.4.5 Build 251104 - Unauthenticated Denial of Service via connectAP Interface

CVE-2025-52692 HIGH

Linksys E9450-SG Firmware - Unauthenticated Access to Administration Functions via Crafted URL

CVE-2025-63391 HIGH

Open-WebUI <= 0.6.32 - Unauthenticated Sensitive Data Exposure via /api/config Endpoint

CVE-2025-63390 MEDIUM

AnythingLLM 1.8.5 - Unauthenticated Workspace Information Disclosure via /api/workspaces Endpoint

CVE-2025-63389 CRITICAL

ollama < 0.12.3 - Unauthenticated API Endpoint Access

CVE-2025-65010 HIGH

WODESYS WD-R608U WDR28 WDR122B V2.0 - Unauthenticated Admin Password Change via Initial Configuration Wizard

CVE-2025-65007 HIGH

WODESYS WD- R608U - Command Injection

CVE-2025-43428 CRITICAL

iPadOS < 26.2 - Unauthenticated Hidden Photos Album Access

CVE-2025-34434 CRITICAL

AVideo < 20.1 - Unauthenticated Arbitrary File Upload and Deletion via ImageGallery Plugin

CVE-2025-14038 HIGH

EDB Hybrid Manager < 1.3.3 and < 2025.12.0 - Unauthenticated Missing Authorization via gRPC Endpoints

CVE-2025-14567 MEDIUM

haxxorsid stock-management-system < 2018-01-27 - Unauthenticated Missing Authentication in /api/employees

CVE-2025-12348 MEDIUM

Icegram Express <5.9.10 - Auth Bypass

CVE-2025-67780 MEDIUM

SpaceX Starlink Dish - Unauthenticated RCE

Previous Page 18 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy