Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-53037 CRITICAL

Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9/8.0.8.7/8.1.2.5 - RCE via HTTP

CVE-2025-53034 MEDIUM

Oracle Financial Services Analytical ... - Missing Authentication

CVE-2025-11949 HIGH

EasyFlow .NET & EasyFlow AiNet - Auth Bypass

CVE-2025-9574 CRITICAL

ABB ALS-mini-s4/8 - Info Disclosure

CVE-2025-60856 MEDIUM

Reolink Video Doorbell WiFi DB_566128M5MP_W - RCE

CVE-2025-11942 HIGH

70mai X200 Firmware < 2025-10-10 - Improper Authentication in Pairing

CVE-2025-11852 MEDIUM

Apeman ID71 218.53.203.117 - Unauthenticated Improper Authentication in ONVIF Service

CVE-2025-62586 CRITICAL

OPEXUS FOIAXpress 11.1.0-11.13.1.9 - Unauthenticated Administrator Password Reset

CVE-2025-9152 CRITICAL

WSO2 API Manager - Privilege Escalation

CVE-2025-0275 MEDIUM

HCL BigFix Mobile <3.3 - Privilege Escalation

CVE-2025-0274 MEDIUM

HCL BigFix MCM <3.3 - Privilege Escalation

CVE-2025-11728 MEDIUM

Oceanpayment CreditCard Gateway <6.0 - Info Disclosure

CVE-2025-23356 HIGH

NVIDIA Isaac Lab < 2.2.1 - Remote Code Execution via SB3 Configuration Parsing

CVE-2025-7328 CRITICAL

Rockwell Automation 1783-NATR Firmware < 1.007 - Unauthenticated Denial of Service and Admin Account Takeover

CVE-2025-40771 CRITICAL

SIMATIC CP 1542SP-1, CP 1543SP-1 < V2.4.24 - Unauthenticated Configuration Data Access

CVE-2025-40765 CRITICAL

TeleControl Server Basic V3.1 >= 3.1.2.2 < 3.1.2.3 - Unauthenticated Information Disclosure

CVE-2025-41703 HIGH

Phoenix Contact QUINT4-UPS - Unauthenticated Denial of Service via Modbus Command

CVE-2025-11672 MEDIUM

Uniweb/SoliPACS WebServer - Info Disclosure

CVE-2025-11671 MEDIUM

Uniweb/SoliPACS WebServer - Info Disclosure

CVE-2025-11661 HIGH

oranbyte School Management System - Improper Authentication

CVE-2025-61928 CRITICAL

better-auth < 1.3.26 - Unauthenticated API Key Creation and Modification via User ID Injection

CVE-2025-59246 CRITICAL

Azure Entra ID - Elevation of Privilege via Missing Authentication

CVE-2025-35051 CRITICAL

Newforma Project Center Server - Unauthenticated Remote Code Execution via .NET Deserialization

CVE-2025-35050 CRITICAL

Newforma Project Center - RCE via .NET Deserialization in /remoteweb/remote.rem

CVE-2025-11198 HIGH

Juniper Security Director Policy Enforcer < 23.1R1 Hotpatch v3 - Unauthenticated Image Replacement via vSRX Deployment

Previous Page 22 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy