Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,426 vulnerabilities with CWE-306

CVE-2025-34220 MEDIUM

Vasion Print Virtual Appliance Host < 25.1.102 and Application < 25.1.1413 - Unauthenticated Group Enumeration

CVE-2025-34218 CRITICAL

Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Unauthenticated Docker Instance Exposure

CVE-2025-34216 CRITICAL

Vasion Print Virtual Appliance < 22.0.1026 & Application < 20.0.2702 - RCE via API APP_KEY Disclosure

CVE-2025-34215 CRITICAL

Vasion Print Virtual Appliance < 22.0.1026 / Application < 20.0.2702 - RCE via Firmware Update

CVE-2025-34207 CRITICAL

Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Insecure SSH Configuration

CVE-2025-11130 HIGH

iHongRen pptp-vpn 1.0/1.0.1 - Missing Authentication

CVE-2025-60251 MEDIUM

Unitree Go2-G1-H1-B2 - Info Disclosure

CVE-2025-10906 HIGH

Magnetism Studios Endurance <3.3.0 - Use After Free

CVE-2025-41716 MEDIUM

WAGO Solution Builder < 2.3.3 - Unauthenticated User Account Enumeration

CVE-2025-41715 CRITICAL

WAGO Device Sphere < 1.1.0 and Solution Builder < 2.3.3 - Unauthenticated Database Access

CVE-2025-57432 CRITICAL

Blackmagic Web Presenter 3.3 - Unauthenticated Remote Command Execution via Telnet Service

CVE-2025-9983 HIGH

GALAYOU G2 - Unauthenticated RTSP Stream Access

CVE-2025-10772 MEDIUM

huggingface LeRobot <0.3.3 - Missing Authentication

CVE-2025-34190 HIGH

Vasion Print Virtual Appliance Host < 25.1.102 & Application < 25.1.1413 - Authentication Bypass

CVE-2025-10672 HIGH

whuan132 AIBattery <1.0.9 - Info Disclosure

CVE-2025-59345 CRITICAL

Dragonfly < 2.1.0 - Unauthenticated Job Manipulation and Denial of Service via Manager API Endpoints

CVE-2025-9971 CRITICAL

Planet Technology Industrial Cellular Gateway - Auth Bypass

CVE-2025-56562 HIGH

Signify Wiz Connected 1.9.1 - Unauthenticated Denial of Service via MAC Address

CVE-2025-59358 HIGH

Chaos Mesh < 2.7.3 - Unauthenticated Denial of Service via GraphQL Debugging Server

CVE-2025-10452 CRITICAL

Statistical Database System - Auth Bypass

CVE-2025-10204 HIGH

LG Electronics AC Smart II - Unauthenticated Administrator Password Change via Hidden Form

CVE-2025-58434 CRITICAL

Flowise <3.0.5 - Privilege Escalation

CVE-2025-10267 MEDIUM

NUP Portal < SP5.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution

CVE-2025-9214 MEDIUM

Lenovo LJ2206W Printer < Ver.D(1.05) - Unauthenticated Info Disclosure & Network Settings Modification via CUPS

CVE-2025-56405 HIGH

litmus mcp_server - Unauthenticated Improper Access Control via SSE Protocol

Previous Page 27 of 98 Next

Details

Vulnerabilities 2,426

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy