Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,427 vulnerabilities with CWE-306

CVE-2025-3699 CRITICAL

Mitsubishi Electric Corporation - Missing Authentication

CVE-2025-1754 MEDIUM

GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Unauthenticated File Upload

CVE-2025-6678 HIGH

Autel MaxiCharger AC Wallbox Commercial - Unauthenticated Information Disclosure via Pile API

CVE-2025-32978 HIGH

Quest KACE SMA <14.1.101 - Unauth DoS

CVE-2025-3090 HIGH

Unknown Device - Info Disclosure/DoS

CVE-2025-48469 CRITICAL

Advantech WISE-4000 LAN Firmware Update - Unauthenticated Firmware Upload

CVE-2025-34039 CRITICAL

Yonyou UFIDA NC <6.5 - Code Injection

CVE-2025-3319 HIGH

IBM Spectrum Protect Server <8.1.27 - Auth Bypass

CVE-2025-32879 HIGH

COROS PACE 3 Firmware < 3.0808.0 - Unauthenticated BLE Connection and Device Control

CVE-2025-32876 MEDIUM

COROS PACE 3 Firmware < 3.0808.0 - Unauthenticated BLE Legacy Pairing Key Guessing

CVE-2025-32896 MEDIUM

Apache SeaTunnel <= 2.3.10 - Unauthenticated Arbitrary File Read and Deserialization via Hazelcast REST API

CVE-2025-25265 MEDIUM

WAGO CC100, PFC100, PFC200, TP600 - Unauthenticated Arbitrary File Read via Configuration Web Application

CVE-2025-49596 CRITICAL

MCP Inspector < 0.14.1 - Unauthenticated Remote Code Execution via Stdio Command Injection

CVE-2025-5906 HIGH

code-projects Laundry System 1.0 - Missing Authentication in /data/ Endpoint

CVE-2025-26468 HIGH

CyberData 011209 SIP Emergency Intercom < 22.0.1 - Unauthenticated Denial of Service

CVE-2025-49652 CRITICAL

BackendAI < 25.15.6 - Unauthenticated User Registration Bypass

CVE-2025-5876 MEDIUM

Lucky LM-520-SC,LM-520-FSC,Lucky LM-520-FSC-SAM <20250321 - Missing...

CVE-2025-5872 MEDIUM

eGauge EG3000 Energy Monitor <3.6.3 - Missing Authentication

CVE-2025-5871 MEDIUM

Papendorf SOL Connect Center 3.3.0.0 - Auth Bypass

CVE-2025-3461 CRITICAL

onsemi Quantenna Wi-Fi Firmware - Unauthenticated Remote Access via Telnet Interface

CVE-2025-5192 HIGH

Scshr HR Portal < 7.3.2025.0408 - Missing Authentication

CVE-2025-5719 MEDIUM

vivo Wallet < 5.1.8.0 - Unauthenticated Authentication Bypass

CVE-2025-5715 LOW

Signal 7.41.4 - Missing Critical Step in Biometric Authentication

CVE-2025-1701 HIGH

MIM Admin Service RMI - Local Code Execution

CVE-2025-47272 MEDIUM

CE Phoenix eCommerce <1.1.0.3 - Auth Bypass

Previous Page 32 of 98 Next

Details

Vulnerabilities 2,427

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy