CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306
CVE-2026-46824 CRITICAL
Oracle Universal Work Queue 12.2.3-12.2.15 - Remote Code Execution via Work Provider
CVSS 9.9
CVE-2026-46817 CRITICAL
Oracle Payments 12.2.3-12.2.15 - Unauthenticated Remote Code Execution via File Transmission
CVSS 9.8
CVE-2026-47136 MEDIUM
RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
CVE-2026-46685 MEDIUM
RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
CVE-2026-45332 HIGH
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
CVSS 7.5
CVE-2026-45044 HIGH
RustFS Profile Handlers - Authentication Bypass
CVE-2026-8697 HIGH
Improper Authentication Rate Limiting on TP-Link's Archer C64
CVSS 8.8
CVE-2026-45083 CRITICAL
Goobi viewer: Unauthenticated Solr Streaming Expression Proxy
CVSS 9.8
CVE-2026-8364 CRITICAL
Gladinet Triofox Missing Authentication for Critical Functions
CVSS 9.8
CVE-2026-45089 HIGH
Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode
CVSS 8.2
CVE-2026-45088 HIGH
Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode
CVSS 7.5
CVE-2026-45087 CRITICAL
Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
CVSS 10.0
CVE-2026-44460 HIGH
FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret
CVSS 7.4
CVE-2026-44329 CRITICAL
free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
CVSS 10.0
CVE-2026-44328 HIGH
free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
CVSS 8.2
CVE-2026-44327 CRITICAL
free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
CVSS 10.0
CVE-2026-44321 HIGH
free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
CVSS 7.5
CVE-2026-44320 HIGH
free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
CVSS 7.3
CVE-2026-44830 HIGH
Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport
CVE-2026-44895 CRITICAL
GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools
CVE-2026-47672 MEDIUM
epa4all-client: Unauthenticated REST API for Patient Record Writes
CVSS 6.5
CVE-2026-44847 HIGH
MaxKB: Webhook Trigger Authentication Bypass
CVSS 7.5
CVE-2026-44775 MEDIUM
Kavita: No authentication at /api/Reader/image
CVE-2026-44668 CRITICAL
Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates
CVSS 9.8
CVE-2026-48692 HIGH
FastNetMon Community Edition <= 1.2.9 - Unauthenticated Remote Code Execution via gRPC API
CVSS 8.1