Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-12447 MEDIUM

Google Chrome < 142.0.7444.59 - UI Spoofing via Omnibox Security UI

CVE-2025-12444 MEDIUM

Google Chrome < 142.0.7444.59 - UI Spoofing via Fullscreen Security UI

CVE-2025-12436 MEDIUM

Google Chrome < 142.0.7444.59 - Policy Bypass in Extensions

CVE-2025-20358 CRITICAL

Cisco Unified Contact Center Express - Unauthenticated Remote Code Execution via Authentication Bypass

CVE-2025-55108 CRITICAL

BMC Control-M/Agent 9.0.18-9.0.22 - Unauthenticated Remote Code Execution and Arbitrary File Read/Write

CVE-2025-12108 CRITICAL

Survision LPR Camera - Info Disclosure

CVE-2025-61956 CRITICAL

Radiometrics VizAir < 2025-08 - Unauthenticated Critical Function Access

CVE-2025-61945 CRITICAL

Radiometrics VizAir < 2025-08 - Unauthenticated Admin Panel Access

CVE-2025-47357 HIGH

Qualcomm Firmware - Unauthenticated Information Disclosure via QFPROM Fuse Region Access

CVE-2025-11007 CRITICAL

CE21 Suite 2.2.1-2.3.1 - Unauthenticated Plugin Settings Update via wp_ajax_nopriv_ce21_single_sign_on_save_api_settings

CVE-2025-8558 MEDIUM

Proofpoint Insider Threat Management Server < 7.17.2 - Unauthenticated Agent Unregistration via Adjacent Network

CVE-2025-48397 HIGH

Eaton BLSS <7.3.0.SCP004 - Auth Bypass

CVE-2025-52665 CRITICAL

UniFi Access 3.3.22-3.4.31 - Unauthenticated Management API Exposure

CVE-2025-12477 CRITICAL

BLU-IC2 and BLU-IC4 < 1.20 - Server Version Disclosure

CVE-2025-12476 CRITICAL

BLU-IC2 and BLU-IC4 Firmware < 1.20 - Unauthenticated Access to Critical Function

CVE-2025-41090 HIGH

microCLAUDIA <3.2.0 - Privilege Escalation

CVE-2025-43994 HIGH

Dell Storage Manager 20.1.21 - Unauthenticated Information Disclosure

CVE-2025-62607 MEDIUM

nautobot-ssot < 3.10.0 - Unauthenticated Information Disclosure via Configuration Page

CVE-2025-41110 HIGH

Ghost Robotics Vision 60 v0.27.2 - Improper Authentication via Hardcoded WiFi and SSH Credentials

CVE-2025-61756 HIGH

Oracle Financial Services Analytical ... - Missing Authentication

CVE-2025-62481 CRITICAL

Oracle Marketing 12.2.3-12.2.14 - Unauthenticated Authentication Bypass in Marketing Administration

CVE-2025-62287 MEDIUM

Oracle Life Sciences InForm 7.0.1.0 - Unauthenticated Data Manipulation and Read Access via Web Server

CVE-2025-61757 CRITICAL KEV

Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 - Unauthenticated Remote Code Execution via REST WebServices

CVE-2025-61752 HIGH

Oracle WebLogic Server 14.1.1.0.0 and 14.1.2.0.0 - Unauthenticated Denial of Service via HTTP/2

CVE-2025-53072 CRITICAL

Oracle Marketing 12.2.3-12.2.14 - Unauthenticated Remote Code Execution via HTTP

Previous Page 21 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy