CWE-306

Exploit likelihood: High

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,426 vulnerabilities with CWE-306
CVE-2025-36757 MEDIUM
SolaX Cloud - Unauthenticated Administrator Login Bypass via Parameter Tampering
CVE-2025-36756 MEDIUM
SolaX Cloud - Unauthenticated Account Takeover via Serial Number
CVE-2025-7635 HIGH
Calix GigaCenter ONT 844E, 844G, 844GE, 854GE - Unauthenticated Telnet Root Access
CVSS 7.7
CVE-2025-9994 CRITICAL
Amp'ed RF BT-AP 111 - Info Disclosure
CVSS 9.8
CVE-2025-9160 HIGH
Rockwell Automation CompactLogix 5480 - Maintenance Menu Code Execution
CVE-2025-7970 HIGH
FactoryTalk Activation Manager 5.00.00-5.01.01 - Missing Authentication for Critical Function
CVSS 7.5
CVE-2025-42926 MEDIUM
SAP NetWeaver Application Server Java - Unauthenticated Sensitive Information Exposure via Internal File Access
CVSS 5.3
CVE-2025-58443 CRITICAL
fogproject < 1.5.10.1673 - Unauthenticated Database Dump via Authentication Bypass
CVSS 9.1
CVE-2025-7045 MEDIUM
Cloud SAML SSO plugin <1.0.19 - DoS
CVSS 6.5
CVE-2025-52551 CRITICAL
E2 Facility Management Systems - Unauthenticated File Operations
CVE-2025-9815 HIGH
alaneuler batteryKid < 2.1 - Improper Authentication in NSXPCListener
CVSS 7.8
CVE-2025-58318 MEDIUM
Delta Electronics DIAView - Auth Bypass
CVE-2025-7405 HIGH
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU - Info Discl...
CVSS 7.3
CVE-2025-54942 CRITICAL
SUNNET Corporate Training Management System < 10.11 - Unauthenticated Access to Deployment Functionality
CVSS 9.8
CVE-2025-8861 CRITICAL
Changing TSA < 2025/2/6 - Unauthenticated Database Manipulation
CVSS 9.8
CVE-2025-55583 CRITICAL
D-Link DIR-868L B1 - Command Injection
CVSS 9.8
CVE-2025-30048 MEDIUM
CGM CLININET < 2025.MS2 - Unauthenticated Information Disclosure via serverConfig Endpoint
CVE-2025-30041 CRITICAL
CGM CLININET < 2025.MS1 - Unauthenticated Session ID Exposure via User Log Statistics Endpoints
CVE-2025-30040 CRITICAL
CGM CLININET < 2024.MS4 - Unauthenticated Sensitive Data Exposure via userlogxls.pl Endpoint
CVE-2025-30039 CRITICAL
CGM CLININET 2024.MS4 - Unauthenticated Session Takeover
CVE-2025-30037 HIGH
CGM CLININET 2025.MS2 - Unauthenticated Internal Endpoint Access
CVE-2025-25736 MEDIUM
Kapsch RIS-9260 RSU LEO - Unauthenticated Root Shell Access via ADB
CVSS 6.8
CVE-2025-8627 HIGH
TP-Link KP303 Firmware < 1.1.0 - Unauthenticated Protocol Command Injection
CVSS 8.8
CVE-2025-53118 CRITICAL
Securden Unified PAM 9.0-* < 11.3.1 - Unauthenticated Authentication Bypass via Administrator Backup Functions
CVSS 9.8
CVE-2025-55581 HIGH
D-Link DCS-825L <1.08.01 - Code Injection
CVSS 7.3