Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,428 vulnerabilities with CWE-306

CVE-2025-26344 CRITICAL

Q-Free MaxTime <= 2.11.0 - Unauthenticated Passwordless Guest Mode Enablement via HTTP Request

CVE-2025-26342 CRITICAL

Q-Free MaxTime <= 2.11.0 - Unauthenticated Arbitrary User Creation via HTTP Requests

CVE-2025-26341 CRITICAL

Q-Free MaxTime <= 2.11.0 - Unauthenticated Password Reset via HTTP Request

CVE-2025-26339 CRITICAL

Q-Free MaxTime <= 2.11.0 - Unauthenticated Missing Authentication for Critical Function via HTTP Requests

CVE-2025-21198 CRITICAL

Microsoft HPC Pack 2016 < 2016.3 and 2019 < 6.3.8328.0 - Remote Code Execution

CVE-2025-21559 MEDIUM

MySQL Server < 8.0.40, 8.4.3 and 9.1.0 - Authenticated Denial of Service and Data Manipulation in InnoDB

CVE-2025-21535 CRITICAL

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Remote Code Execution via T3, IIOP

CVE-2025-21524 CRITICAL

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Remote Code Execution via Monitoring and Diagnostics

CVE-2025-21515 HIGH

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Authenticated Remote Code Execution via Web Runtime SEC

CVE-2025-24456 MEDIUM

JetBrains Hub < 2024.3.55417 - Privilege Escalation via LDAP Authentication Mapping

CVE-2025-0456 CRITICAL

NetVision Information airPASS 2.9.0-2.9.0.241231 and 3.0.0-3.0.0.241231 - Unauthenticated Account and Password Retrieval

CVE-2025-0355 HIGH

NEC Corporation Aterm - Info Disclosure

CVE-2025-21623 HIGH

ClipBucket 5.3-5.5.1-238 - Unauthenticated Path Traversal and Denial of Service via Template Directory

CVE-2024-27892 CRITICAL

Arista EOS OpenConfig with SSL Profiles - gNMI Set Authentication Bypass

CVE-2024-27890 CRITICAL

Arista EOS OpenConfig without SSL Profiles - gNMI Set Authentication Bypass

CVE-2024-54013 HIGH

Hanwha Vision QND-8080R - Authentication Bypass

CVE-2024-58336 MEDIUM

Akuvox Smart Intercom S539 - Unauthenticated Video Stream Access via video.cgi Endpoint

CVE-2024-58300 HIGH

Siklu MultiHaul TG series < 2.0.0 - Unauthenticated Credential Disclosure via Port 12777

CVE-2024-2104 HIGH

JBL LIVE PRO 2 TWS and TUNE FLEX - Unauthenticated Device Control via BLE GATT Server

CVE-2024-49572 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - DoS

CVE-2024-48882 HIGH

Socomec DIRIS Digiware M-70 1.6.9 - Unauthenticated Denial of Service via Modbus TCP Packet

CVE-2024-14007 HIGH

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 <1.3.4 - Auth B...

CVE-2024-45438 CRITICAL

SpamTitan Email Security Gateway <8.00.101-8.01.14 - Unauthenticate...

CVE-2024-8419 HIGH

ifm Smart PLC AC402s/AC422s/AC424s/AC432s/AC434s 4.04-4.3.16 and 6.1.8 - Unauthenticated Fail-Safe State Activation

CVE-2024-35295 MEDIUM

Perfect Harmony GH180 <8.3.3 - Info Disclosure

Previous Page 36 of 98 Next

Details

Vulnerabilities 2,428

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy