CWE-306
High likelihood
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
2,426 vulnerabilities with CWE-306
CVE-2025-11671
MEDIUM
Uniweb/SoliPACS WebServer - Info Disclosure
CVSS 5.3
CVE-2025-11661
HIGH
oranbyte School Management System - Improper Authentication
CVSS 7.3
CVE-2025-61928
CRITICAL
better-auth < 1.3.26 - Unauthenticated API Key Creation and Modification via User ID Injection
CVE-2025-59246
CRITICAL
Azure Entra ID - Elevation of Privilege via Missing Authentication
CVSS 9.8
CVE-2025-35051
CRITICAL
Newforma Project Center Server - Unauthenticated Remote Code Execution via .NET Deserialization
CVSS 9.8
CVE-2025-35050
CRITICAL
Newforma Project Center - RCE via .NET Deserialization in /remoteweb/remote.rem
CVSS 9.8
CVE-2025-11198
HIGH
Juniper Security Director Policy Enforcer < 23.1R1 Hotpatch v3 - Unauthenticated Image Replacement via vSRX Deployment
CVSS 7.4
CVE-2025-11529
HIGH
ChurchCRM < 5.19.0 - Authentication Bypass in AuthMiddleware
CVSS 7.3
CVE-2025-11171
MEDIUM
Chartify - WordPress Chart Plugin <3.5.9 - Auth Bypass
CVSS 5.3
CVE-2025-61778
CRITICAL
Akka.Remote 1.2.0-1.5.51 - Authentication Bypass via Missing Mutual TLS Enforcement
CVE-2025-61777
CRITICAL
FlagForge 2.0.0-2.3.1 - Unauthenticated Improper Access Control in Badge Template Endpoints
CVSS 9.4
CVE-2025-10746
MEDIUM
Integrate Dynamics 365 CRM <1.0.9 - Auth Bypass
CVSS 6.5
CVE-2025-61673
HIGH
Karapace 5.0.0-5.0.1 - Unauthenticated Authentication Bypass via Missing Authorization Header
CVSS 8.6
CVE-2025-23293
HIGH
NVIDIA Delegated Licensing Service - Info Disclosure
CVSS 8.7
CVE-2025-10991
HIGH
Tapo D230S1 <1.2.2 - Privilege Escalation
CVE-2025-34232
MEDIUM
Vasion Print Virtual Appliance < 25.1.102/25.1.1413 - Blind SSRF via dellCheck.php
CVSS 5.3
CVE-2025-34231
HIGH
Vasion Print Virtual Appliance <25.1.102 & Application <25.1.1413 - SSRF via HP Badge Setup
CVSS 8.6
CVE-2025-34230
MEDIUM
Vasion Print Virtual Appliance < 25.1.102 & Application < 25.1.1413 - Blind SSRF via HP Log Off SSO
CVSS 5.8
CVE-2025-34229
MEDIUM
Vasion Print Virtual Appliance < 25.1.102 - Unauthenticated Blind SSRF via hp/installApp.php
CVSS 5.8
CVE-2025-34228
HIGH
Vasion Print Virtual Appliance < 25.1.102 - Unauthenticated SSRF via Lexmark Update Script
CVSS 8.6
CVE-2025-34225
HIGH
Vasion Print Virtual Appliance Host < 25.1.102 & Application < 25.1.1413 - SSRF via console_release
CVSS 8.6
CVE-2025-34224
CRITICAL
Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Unauthenticated Device Modification
CVSS 9.1
CVE-2025-34223
CRITICAL
Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Unauthenticated Admin Credential Overwrite
CVSS 9.8
CVE-2025-34222
CRITICAL
Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Unauthenticated Admin API Access
CVSS 9.1
CVE-2025-34221
CRITICAL
Vasion Print Virtual Appliance <25.2.169 & Application <25.2.1518 - Unauthenticated Remote Access
CVSS 9.8