Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306

CVE-2026-34160 HIGH

Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services

CVE-2026-33715 HIGH

Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action

CVE-2026-26160 HIGH

Remote Desktop Licensing Service Elevation of Privilege Vulnerability

CVE-2026-26159 HIGH

Remote Desktop Licensing Service Elevation of Privilege Vulnerability

CVE-2026-40289 CRITICAL

PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

CVE-2026-4810 CRITICAL

Remote Code Execution in Google Agent Development Kit (ADK)

CVE-2026-6129 HIGH

zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication

CVE-2026-6126 HIGH

zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication

CVE-2026-5724 MEDIUM

Missing Authentication on Streaming gRPC Replication Endpoint

CVE-2026-40184 LOW

Unauthenticated Access to Uploaded Files in TREK

CVE-2026-5777 HIGH

Security Misconfiguration Vulnerability in Atom 3x Projector

CVE-2026-39848 MEDIUM

Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation

CVE-2026-33788 HIGH

Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

CVE-2026-4436 HIGH

GPL Odorizers GPL750 Missing Authentication for Critical Function

CVE-2026-39987 CRITICAL KEV

marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

CVE-2026-39393 HIGH

Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms

CVE-2026-5300 MEDIUM

Missing Authentication for Critical Function in coolercontrold

CVE-2026-39363 HIGH

Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket

CVE-2026-35584 MEDIUM

FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration

CVE-2026-35523 HIGH

Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

CVE-2026-22679 CRITICAL

Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

CVE-2026-1900 MEDIUM

Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update

CVE-2026-35450 MEDIUM

WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

CVE-2026-5676 HIGH

Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication

CVE-2026-26027 HIGH

GLPI has an Unauthenticated Stored XSS via inventory

Previous Page 3 of 89 Next

Details

Vulnerabilities 2,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy