CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,427 vulnerabilities with CWE-306
CVE-2025-8279 (HIGH, CVSS 8.7): GitLab Language Server 7.6.0-7.29.9 - Unauthenticated Arbitrary GraphQL Query Execution
CVE-2025-30126 (MEDIUM, CVSS 5.3): Marbella KR8s Dashcam FF 2.0.8 - Info Disclosure
CVE-2025-30135 (CRITICAL, CVSS 9.4): IROAD Dashcam FX2 - Info Disclosure
CVE-2025-6260 (CRITICAL, CVSS 9.8): Thermostat - Unauthenticated RCE
CVE-2025-48733 (HIGH, CVSS 7.5): DuraComm SPM-500 DP-10iN-100-MU < Version 4.10 - Unauthenticated Device Reboot
CVE-2025-7897 (HIGH, CVSS 7.3): harry0703 MoneyPrinterTurbo <1.2.6 - Auth Bypass
CVE-2025-7862 (HIGH, CVSS 7.3): TOTOLINK T6 4.1.5cu.748_B20211015 - Missing Authentication
CVE-2025-6226 (MEDIUM, CVSS 6.5): Mattermost <10.5.7, <10.8.2, <10.7.4, <9.11.17 - Info Disclosure
CVE-2025-34130 (HIGH): LILIN DVR <2.0b60_20200207 - Info Disclosure
CVE-2025-34121 (CRITICAL): Idera Up.Time Monitoring Station <=7.2 - RCE
CVE-2025-34120 (HIGH): LimeSurvey <2.06+ Build 151014 - Info Disclosure
CVE-2025-34119 (HIGH): EasyCafe Server <2.2.14 - Info Disclosure
CVE-2025-34117 (CRITICAL): Netcore and Netis Router Firmware - Unauthenticated Remote Code Execution via UDP Port 53413 Backdoor
CVE-2025-53938 (HIGH, CVSS 7.5): WeGIA < 3.4.5 - Unauthenticated Authentication Bypass via /dao/verificar_recursos_cargo.php Endpoint
CVE-2025-30762 (HIGH, CVSS 7.5): Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 - Unauthenticated Unauthorized Data Access via T3, IIOP
CVE-2025-34116 (HIGH): IPFire < 2.19 Core Update 101 - Authenticated Remote Command Execution via proxy.cgi NCSA User Creation Form
CVE-2025-34115 (HIGH): OP5 Monitor <7.1.9 - Command Injection
CVE-2025-34113 (HIGH): Tiki Wiki CMS <14.1-6.14 - Command Injection
CVE-2025-34112 (CRITICAL): Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE
CVE-2025-34111 (CRITICAL, CVSS 9.8): Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector
CVE-2025-34110 (CRITICAL): ColoradoFTP Server < 1.3 Build 8 - Path Traversal
CVE-2025-34104 (CRITICAL): Piwik (now Matomo) < 3.0.3 - Authenticated Remote Code Execution via Plugin Upload
CVE-2025-34103 (CRITICAL): WePresent WiPG-1000 <2.2.3.0 - Command Injection
CVE-2025-34068 (CRITICAL): Samsung WLAN AP WEA453e <5.2.4.T1 - RCE
CVE-2025-52089 (HIGH, CVSS 8.8): TOTOLINK N300RB Firmware 8.54 - Authenticated Remote Code Execution via Hidden Debug Interface