Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306

CVE-2026-34289 MEDIUM

Oracle Identity Manager Connector 12.2.1.4.0 - Info Disclosure

CVE-2026-34288 MEDIUM

Oracle Identity Manager Connector 12.2.1.4.0 - Info Disclosure

CVE-2026-34286 CRITICAL

Oracle Identity Manager Connector 12.2.1.4.0 - Unauthenticated Data Manipulation

CVE-2026-34285 CRITICAL

Oracle Identity Manager Connector 12.2.1.4.0 - Unauthenticated Data Manipulation

CVE-2026-34280 MEDIUM

Oracle PeopleSoft Enterprise HCM Human Resources 9.2 - Privilege Escalation

CVE-2026-34279 CRITICAL

Oracle Enterprise Manager Base Platform 13.5 - Privilege Escalation

CVE-2026-34275 CRITICAL

Oracle Advanced Inbound Telephony 12.2.3-12.2.15 - RCE

CVE-2026-34266 MEDIUM

Oracle PeopleSoft Enterprise HCM Absence Management 9.2 - Privilege Escalation

CVE-2026-40884 CRITICAL

goshs: Empty-username SFTP password authentication bypass in goshs

CVE-2026-40050 CRITICAL

CrowdStrike LogScale Unauthenticated Path Traversal

CVE-2026-24177 HIGH

Nvidia Kai Scheduler - Information Disclosure

CVE-2026-41039 HIGH

Information Disclosure Vulnerability in Quantum Networks Router QN-I-470

CVE-2026-34839 MEDIUM

Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

CVE-2026-26944 HIGH

Dell PowerProtect Data Domain 7.7.1.0-8.6 - Auth Bypass

CVE-2026-25058 HIGH

Vexa's unauthenticated internal transcript endpoint exposed by default

CVE-2026-6369 MEDIUM

Exposed Session Token in canonical-livepatch client snap

CVE-2026-32962 MEDIUM

silex technology SD-330AC <=Ver.1.42 - Auth Bypass

CVE-2026-32957 MEDIUM

silex technology SD-330AC <=Ver.1.42 - Auth Bypass

CVE-2026-6588 MEDIUM

serge-chat serge Model API Endpoint model.py delete_model missing authentication

CVE-2026-6582 HIGH

TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication

CVE-2026-6579 MEDIUM

liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

CVE-2026-6577 HIGH

liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication

CVE-2026-40461 HIGH

Anviz Products Missing Authentication for Critical Function

CVE-2026-35546 CRITICAL

Anviz Products Missing Authentication for Critical Function

CVE-2026-6348 HIGH

Simopro Technology｜WinMatrix - Missing Authentication

Previous Page 2 of 89 Next

Details

Vulnerabilities 2,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy