CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,427 vulnerabilities with CWE-306
CVE-2025-34102 CRITICAL
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
CVE-2025-34101 CRITICAL
Serviio Media Server <1.8 - Command Injection
CVE-2025-34100 CRITICAL
BuilderEngine 3.5.0 - Code Injection
CVE-2025-53378 HIGH
Trend Micro WFBSS Agent - Missing Authentication Remote Takeover
CVSS 7.6
CVE-2025-3498 CRITICAL
Radiflow iSAP Smart Collector - Info Disclosure
CVSS 9.9
CVE-2025-34077 CRITICAL
WordPress Pie Register <3.7.1.4 - Auth Bypass
CVE-2025-7031 MEDIUM
Config Pages Viewer < 1.0.4 - Unauthenticated Access Control Bypass
CVSS 5.3
CVE-2025-48814 HIGH
Windows Remote Desktop Licensing Service - Privilege Escalation
CVSS 7.5
CVE-2025-40736 CRITICAL
SINEC NMS < 4.0 - Unauthenticated Administrative Credential Modification
CVSS 9.8
CVE-2025-25268 HIGH
Phoenixcontact Phoenix Contact CHARX SEC-3000/3050/3100/3150 Firmware <= 1.7.3 - Missing Authentication
CVSS 8.8
CVE-2025-7115 HIGH
rowboatlabs rowboat <8096eaf63b5a0732edd8f812bee05b78e214ee97 - Aut...
CVSS 7.3
CVE-2025-7114 HIGH
SimStudioAI sim < 0.2.1 - Missing Authentication in Session Handler
CVSS 7.3
CVE-2025-34089 CRITICAL
Remote for Mac <= 2025.7 - Unauthenticated Remote Code Execution via X-Script Header
CVE-2025-34079 HIGH
NSClient++ <0.5.2.35 - Authenticated RCE
CVSS 7.8
CVE-2025-45814 CRITICAL
NovelSat NS3000 and NS2000 Firmware - Unauthenticated Session Hijacking via query.fcgi Endpoint
CVSS 9.8
CVE-2025-34073 CRITICAL
stamparm/maltrail <=0.54 - Command Injection
CVE-2025-34071 CRITICAL
GFI Kerio Control 9.4.5 - Authenticated Remote Code Execution via Firmware Upgrade Feature
CVSS 9.8
CVE-2025-34070 CRITICAL
GFI Kerio Control 9.4.5 - Privilege Escalation
CVSS 9.8
CVE-2025-34069 CRITICAL
GFI Kerio Control 9.4.5 - Auth Bypass
CVSS 9.8
CVE-2025-34057 HIGH
Ruijie NBR Router - Unauthenticated Administrative Credential Disclosure via /WEB_VMS/LEVEL15/ Endpoint
CVE-2025-6920 MEDIUM
Red Hat AI Inference Server - Unauthenticated API Access via /invocations Endpoint
CVSS 5.3
CVE-2025-41656 CRITICAL
Pilz IndustrialPI Node-RED - Unauthenticated Command Execution
CVSS 10.0
CVE-2025-6916 HIGH
TOTOLINK T6 4.1.5cu.748_B20211015 - Missing Authentication via Form_Login
CVSS 8.8
CVE-2025-5310 CRITICAL
Dover Fueling Solutions ProGauge MagLink LX - RCE
CVSS 9.8
CVE-2025-6763 HIGH
Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 & H3531 1.60 - Missing Authentication
CVSS 8.1