Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,428 vulnerabilities with CWE-306

CVE-2025-4268 MEDIUM

TOTOLINK A720R 4.1.5cu.374 - Auth Bypass

CVE-2025-1495 MEDIUM

IBM Business Automation Workflow 24.0.0-24.0.1 IF001 - Unauthenticated Sensitive Information Exposure

CVE-2025-24271 MEDIUM

iPadOS < 17.7.6 - Unauthenticated AirPlay Command Execution via Network Access

CVE-2025-4019 HIGH

novel-plus < 5.1.1 - Missing Authentication in GeneratorController genCode Function

CVE-2025-4018 MEDIUM

novel-plus < 5.1.1 - Missing Authentication in CrawlController addCrawlSource

CVE-2025-4015 MEDIUM

novel-plus < 5.1.1 - Missing Authentication in SessionController

CVE-2025-46275 CRITICAL

WGS-80HPT-V2 & WGS-4215-8T2S - Auth Bypass

CVE-2025-34028 CRITICAL KEV

Commvault Command Center Innovation Release <11.38.20 - Path Traversal

CVE-2025-32377 MEDIUM

Rasa Pro 3.9.0-3.9.19, 3.10.0-3.10.18, 3.11.0-3.11.6, 3.12.0-3.12.5 - Unauthenticated Voice Data Submission

CVE-2025-32433 CRITICAL KEV

Erlang OTP Pre-Auth RCE Scanner and Exploit

CVE-2025-27538 LOW

Mattermost <10.5.1-9.11.9 - Privilege Escalation

CVE-2025-30215 CRITICAL

NATS-Server <2.10.27, 2.11.1 - Info Disclosure

CVE-2025-32782 MEDIUM

Ash Authentication < 4.7.0 - Unauthenticated Account Confirmation via Email Link Auto-Follow

CVE-2025-30727 CRITICAL

Oracle E-Business Suite 12.2.3-12.2.14 - Unauthenticated Remote Code Execution via iSurvey Module

CVE-2025-2567 CRITICAL

Lantronix Xport 6.5.0.7 through 7.0.0.3 - Missing Authentication for Critical Function

CVE-2025-0129 CRITICAL

Palo Alto Networks Prisma Access Browser - Privilege Escalation

CVE-2025-3474 MEDIUM

Drupal Panels < 4.9 - Unauthenticated Access Control Bypass via Incorrectly Configured Security Levels

CVE-2025-29870 HIGH

Wi-Fi AP UNIT AC-WPS-11ac - Info Disclosure

CVE-2025-3248 CRITICAL KEV

Langflow AI - Unauthenticated Remote Code Execution

CVE-2025-32357 MEDIUM

Zammad 6.4.0-6.4.1 - Authenticated Unauthorized Knowledge Base Content Access via API

CVE-2025-0257 MEDIUM

HCL DevOps Deploy/HCL Launch - Info Disclosure

CVE-2025-25060 HIGH

AssetView and AssetView CLOUD < 13.2.4.3408 and < 13.3.4.3004 - Unauthenticated Arbitrary File Read and Delete

CVE-2025-0256 MEDIUM

HCL DevOps Deploy/HCL Launch - Info Disclosure

CVE-2025-25068 HIGH

Mattermost <10.4.2-10.5.0 - Auth Bypass

CVE-2025-30111 HIGH

IROAD v9 - Unauthenticated Video Footage and Live Stream Access

Previous Page 34 of 98 Next

Details

Vulnerabilities 2,428

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy