Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-6274 CRITICAL

Authentication Bypass in DTS Electronics' Redline WR3200

CVE-2026-11238 MEDIUM

Google Chrome < 149.0.7827.53 - Information Disclosure via Malicious Extension

CVE-2026-25550 CRITICAL

Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

CVE-2026-50225 CRITICAL

Acer Connect M6E 5G Portable WiFi Router - Account Creation Exhaustion

CVE-2026-36603 HIGH

Mercusys AC12G (EU) V1 - Unauthenticated UPnP Port Forwarding Manipulation

CVE-2026-10617 HIGH

nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

CVE-2026-42074 CRITICAL

OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

CVE-2026-0611 CRITICAL

Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

CVE-2026-24090 HIGH

Qualcomm Snapdragon HLOS - Boot Flow Modification via Partition Table

CVE-2026-24088 HIGH

Qualcomm Snapdragon Boot - Unauthorized Bootloader Write Access

CVE-2026-10283 MEDIUM

Bottelet DaybydayCRM <= 2.2.1 - Improper Authentication in Setting Handler

CVE-2026-10281 HIGH

Enderfga claw-orchestrator <= 3.5.5 - Missing Authentication in EmbeddedServer API Endpoint

CVE-2026-44211 CRITICAL

Cline Kanban Server <=2.13.0 - Cross-Origin WebSocket Hijacking

CVE-2026-25599 MEDIUM

Missing authentication and clear‑text data transmission affecting Orca heat pumps

CVE-2026-10243 HIGH

code-projects Smart Parking System Admin Endpoint missing authentication

CVE-2026-9051 CRITICAL

NI SystemLink Enterprise <= 2026-04 - Authentication Bypass

CVE-2026-44649 CRITICAL

SillyTavern: Authentication Bypass via SSO Header Injection

CVE-2026-5768 HIGH

Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

CVE-2026-45577 MEDIUM

Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

CVE-2026-45610 MEDIUM

WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

CVE-2026-49195 HIGH

Predator Connect W6x: unauthenticated Debug Service

CVE-2026-8732 CRITICAL

WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action

CVE-2026-46840 CRITICAL

Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Remote Code Execution via HTTPS

CVE-2026-46827 HIGH

Oracle Payroll 12.2.3-12.2.15 - Authenticated Remote Code Execution in Self Service Manager

CVE-2026-46826 HIGH

Oracle Payroll 12.2.3-12.2.15 - Authenticated Remote Code Execution via Internal Operations

Previous Page 2 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy