Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-23417 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus RTU over TCP

CVE-2025-20085 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - DoS

CVE-2025-65112 CRITICAL

PubNet < 1.1.3 - Unauthenticated Identity Spoofing via Arbitrary Author-ID Upload

CVE-2025-13483 HIGH

SiRcom SMART Alert (SiSA) >=3.0.48 <3.0.48 - Unauthenticated Backend API Access Bypass

CVE-2025-12003 HIGH

ASUS Router 3.0.0.4_386 3.0.0.4_388 3.0.0.6_102 - Unauthenticated Path Traversal via WebDAV

CVE-2025-63958 CRITICAL

MILLENSYS Vision Tools Workspace 6.5.0.2585 - Info Disclosure

CVE-2025-63435 MEDIUM

Xtooltech Xtool AnyScan <4.40.40 - Info Disclosure

CVE-2025-12969 MEDIUM

Fluent Bit - Unauthenticated Log Injection via in_forward Input Plugin

CVE-2025-11771 MEDIUM

TokenICO plugin <2.4.6 - Info Disclosure

CVE-2025-64770 MEDIUM

iCam365 P201 and QC021 - Unauthenticated Access to ONVIF Services

CVE-2025-62674 MEDIUM

iCam365 P201 and QC021 - Unauthenticated RTSP Access

CVE-2025-63206 CRITICAL

Dasan Switch DS2924 <1.02.00 - Auth Bypass

CVE-2025-34331 HIGH

AudioCodes Fax Server and Auto-Attendant IVR <= 2.6.23 - Unauthenticated Arbitrary File Read via download.php

CVE-2025-12349 MEDIUM

Icegram Express <5.9.10 - Auth Bypass

CVE-2025-9312 CRITICAL

WSO2 API Control Plane and API Manager - Unauthenticated Administrative Access via mTLS Bypass

CVE-2025-64307 MEDIUM

Brightpick Internal Logic Control - Unauthenticated RCE

CVE-2025-59780 HIGH

General Industrial Controls Lynx+ Gateway - Missing Authentication for Critical Function in Embedded Web Server

CVE-2025-58083 CRITICAL

General Industrial Controls Lynx+ Gateway - Auth Bypass

CVE-2025-55073 MEDIUM

Mattermost <10.11.3, 10.5.11, 10.12.0 - Open Redirect

CVE-2025-55070 MEDIUM

Mattermost <11 - Unauthenticated Information Disclosure via WebSocket Events

CVE-2025-59367 CRITICAL

ASUS DSL-AC51, DSL-N16, and DSL-AC750 Firmware < 1.1.2.3_1010 - Unauthenticated Authentication Bypass

CVE-2025-40817 MEDIUM

Siemens LOGO! and SIPLUS LOGO! - Unauthenticated Time Manipulation

CVE-2025-40816 HIGH

Siemens LOGO! Devices - Unauthenticated IP Address Manipulation

CVE-2025-11986 MEDIUM

WordPress Crypto <2.22 - Info Disclosure

CVE-2025-42885 MEDIUM

SAP HANA 2.0 (hdbrss) - Unauthenticated Information Disclosure via Remote-Enabled Function

Previous Page 20 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy