Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,428 vulnerabilities with CWE-306

CVE-2024-9062 HIGH

Archify < 1.3.1 - Local Privilege Escalation via XPC Helper Tool

CVE-2024-55585 CRITICAL

moPS App <1.8.618 - Info Disclosure

CVE-2024-46506 CRITICAL

Unauthenticated RCE in NetAlertX

CVE-2024-23815 HIGH

Siemens Desigo CC - Unauthenticated SQL Query Execution via Event Port

CVE-2024-42178 LOW

HCL MyXalytics - Unauthenticated Information Disclosure via Unrestricted URL Access

CVE-2024-41793 HIGH

SENTRON 7KT PAC1260 Data Manager - Unauthenticated SSH Service Enablement via Web Interface

CVE-2024-41791 HIGH

SENTRON 7KT PAC1260 Data Manager - Unauthenticated Critical Function Access via Web Interface

CVE-2024-13553 CRITICAL

SMS Alert Order Notifications < 3.7.9 - Unauthenticated Privilege Escalation via Host Header Spoofing

CVE-2024-56469 MEDIUM

IBM UrbanCode Deploy/DevOps Deploy <7.3.2.10, <8.1.0.1 - Privilege ...

CVE-2024-45356 HIGH

Xiaomi Phone Framework - Privilege Escalation

CVE-2024-45355 MEDIUM

Xiaomi Phone Framework - Privilege Escalation

CVE-2024-45483 HIGH

B&R APROL <4.4-01 - Info Disclosure

CVE-2024-9919 HIGH

lollms_web_ui - Unauthenticated Directory Deletion via Uninstall Endpoint

CVE-2024-8196 CRITICAL

AnythingLLM Desktop < 1.6.5 - Unauthenticated Backend Access via Open Port

CVE-2024-8057 MEDIUM

danswer-ai/danswer < latest - Unauthenticated Privilege Escalation via Connector Credential Linking

CVE-2024-8053 HIGH

open-webui/open-webui <0.3.10 - DoS

CVE-2024-6842 HIGH

mintplex-labs/anything-llm <1.5.5 - Info Disclosure

CVE-2024-12869 MEDIUM

ragflow v0.12.0 - Unauthenticated User Invite List Exposure

CVE-2024-50630 HIGH

Synology Drive Server < 3.0.4-12699 - Unauthenticated Administrator Credential Exposure via WebAPI

CVE-2024-23943 CRITICAL

MB connect line mbCONNECT24 < 2.16.2 and mbNET < 8.2.0 - Unauthenticated Cloud API Access

CVE-2024-13772 MEDIUM

Civi WordPress Theme <= 2.1.6.1 - Unauthenticated Authentication Bypass via Social Login

CVE-2024-13771 CRITICAL

Civi WordPress Theme <= 2.1.4 - Unauthenticated Authentication Bypass

CVE-2024-52285 MEDIUM

SiPass integrated AC5102/ACC-AP <6.4.8 - Info Disclosure

CVE-2024-9658 HIGH

School Management System for Wordpress < 93.0.0 - Authenticated Privilege Escalation via User Detail Update Functions

CVE-2024-31525 HIGH

Peppermint Ticket Management 0.4.6 - Privilege Escalation

Previous Page 37 of 98 Next

Details

Vulnerabilities 2,428

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy