Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,344 vulnerabilities with CWE-306

CVE-2025-10906 HIGH

Magnetism Studios Endurance <3.3.0 - Use After Free

CVE-2025-41716 MEDIUM

WAGO Solution Builder < 2.3.3 - Unauthenticated User Account Enumeration

CVE-2025-41715 CRITICAL

WAGO Device Sphere < 1.1.0 and Solution Builder < 2.3.3 - Unauthenticated Database Access

CVE-2025-57432 CRITICAL

Blackmagic Web Presenter 3.3 - Unauthenticated Remote Command Execution via Telnet Service

CVE-2025-9983 HIGH

GALAYOU G2 - Unauthenticated RTSP Stream Access

CVE-2025-10772 MEDIUM

huggingface LeRobot <0.3.3 - Missing Authentication

CVE-2025-34190 HIGH

Vasion Print Virtual Appliance Host < 25.1.102 & Application < 25.1.1413 - Authentication Bypass

CVE-2025-10672 HIGH

whuan132 AIBattery <1.0.9 - Info Disclosure

CVE-2025-59345 CRITICAL

Dragonfly < 2.1.0 - Unauthenticated Job Manipulation and Denial of Service via Manager API Endpoints

CVE-2025-9971 CRITICAL

Planet Technology Industrial Cellular Gateway - Auth Bypass

CVE-2025-56562 HIGH

Signify Wiz Connected 1.9.1 - Unauthenticated Denial of Service via MAC Address

CVE-2025-59358 HIGH

Chaos Mesh < 2.7.3 - Unauthenticated Denial of Service via GraphQL Debugging Server

CVE-2025-10452 CRITICAL

Statistical Database System - Auth Bypass

CVE-2025-10204 HIGH

LG Electronics AC Smart II - Unauthenticated Administrator Password Change via Hidden Form

CVE-2025-58434 CRITICAL

Flowise <3.0.5 - Privilege Escalation

CVE-2025-10267 MEDIUM

NUP Portal < SP5.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution

CVE-2025-9214 MEDIUM

Lenovo LJ2206W Printer < Ver.D(1.05) - Unauthenticated Info Disclosure & Network Settings Modification via CUPS

CVE-2025-56405 HIGH

litmus mcp_server - Unauthenticated Improper Access Control via SSE Protocol

CVE-2025-36757 MEDIUM

SolaX Cloud - Unauthenticated Administrator Login Bypass via Parameter Tampering

CVE-2025-36756 MEDIUM

SolaX Cloud - Unauthenticated Account Takeover via Serial Number

CVE-2025-7635 HIGH

Calix GigaCenter ONT 844E, 844G, 844GE, 854GE - Unauthenticated Telnet Root Access

CVE-2025-9994 CRITICAL

Amp'ed RF BT-AP 111 - Info Disclosure

CVE-2025-9160 HIGH

Rockwell Automation CompactLogix 5480 - Maintenance Menu Code Execution

CVE-2025-7970 HIGH

FactoryTalk Activation Manager 5.00.00-5.01.01 - Missing Authentication for Critical Function

CVE-2025-42926 MEDIUM

SAP NetWeaver Application Server Java - Unauthenticated Sensitive Information Exposure via Internal File Access

Previous Page 24 of 94 Next

Details

Vulnerabilities 2,344

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy