Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-65828 MEDIUM

Meatmeet Pro WiFi & Bluetooth Meat Thermometer Firmware - Unauthenticated Denial of Service via BLE Commands

CVE-2025-65824 HIGH

Meatmeet Pro BLE Thermometer - Unauthenticated OTA Firmware Overwrite

CVE-2025-13607 CRITICAL

Camera Configuration Info Disclosure

CVE-2025-59516 HIGH

Windows Storage VSP Driver - Privilege Escalation

CVE-2025-34414 CRITICAL

Entrust Instant Financial Issuance (IFI) On Premise <6.10.5-6.11.1 ...

CVE-2025-12941 MEDIUM

NETGEAR C6220 and C6230 - Authenticated Denial of Service via Local WiFi Reboot

CVE-2025-42875 MEDIUM

SAP Internet Communication Framework - Auth Bypass

CVE-2025-48608 MEDIUM

Android - Missing Authorization in SettingsProvider isValidMediaUri

CVE-2025-48572 HIGH KEV

Android - Unauthenticated Activity Launch via Permissions Bypass

CVE-2025-27020 CRITICAL

Infinera MTC-9 <R23.0. - Command Injection

CVE-2025-27019 CRITICAL

Infinera MTC-9 < R23.0 - Passwordless RSH Reverse Shell Access

CVE-2025-64056 MEDIUM

Fanvil x210 V2 2.12.20 - Unauthenticated Arbitrary File Write via File Upload

CVE-2025-66555 HIGH

AirKeyboard iOS App 1.0.5 - Unauthenticated Remote Input Injection

CVE-2025-63896 HIGH

JXL 9 Inch Car Android Double Din Player <v12.0 - Code Injection

CVE-2025-27935 HIGH

Ping Identity One-Time Passcode Integration Kit for PingFederate 1.0-1.0.9 & >=1.1.1 - Authentication Bypass

CVE-2025-54158 HIGH

Synology BeeDrive < 1.4.2-13960 - Unauthenticated Arbitrary Code Execution

CVE-2025-13510 CRITICAL

Iskra iHUB/iHUB Lite - Info Disclosure

CVE-2025-59695 CRITICAL

Entrust nShield Connect XC, nShield 5c, and nShield HSMi < 13.6.12 - Missing Authentication for Firmware Update

CVE-2025-13870 LOW

Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.4 - Authenticated Missing Permission Validation in Boards

CVE-2025-55222 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - DoS

CVE-2025-55221 HIGH

Socomec DIRIS Digiware M-70 <1.6.9 - DoS

CVE-2025-54851 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus TCP Write Single Register

CVE-2025-54850 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus RTU over TCP Write Single Register

CVE-2025-54849 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus TCP Write Single Register

CVE-2025-54848 HIGH

Socomec DIRIS Digiware M-70 Firmware 1.6.9 - Unauthenticated Denial of Service via Modbus TCP Write Single Register

Previous Page 19 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy