Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,428 vulnerabilities with CWE-306

CVE-2024-57055 MEDIUM

WombatDialer < 25.02 - Unauthenticated Server-Side Access Control Bypass

CVE-2024-57725 MEDIUM

Arcadyan Livebox Fibra PRV3399B_B_LT - Info Disclosure

CVE-2024-10649 MEDIUM

wandb/openui < latest - Unauthenticated Arbitrary File Upload and Download via S3 Endpoints

CVE-2024-54176 MEDIUM

IBM DevOps Deploy <8.0.1.4, UCD <7.3.2 - Info Disclosure

CVE-2024-36555 CRITICAL

Forever KidsWatch - Privilege Escalation

CVE-2024-9644 CRITICAL

Four-Faith F3x36 Firmware v2.0.0 - Authentication Bypass via bapply.cgi Endpoint

CVE-2024-12511 HIGH

Xerox VersaLink - Unauthenticated SMB/FTP Settings Modification via Address Book Access

CVE-2024-12957 HIGH

ASUS Armoury Crate 2.3.4.0-5.9.9.0 - Unauthenticated Arbitrary File Deletion

CVE-2024-12857 CRITICAL

AdForest < 5.1.8 - Unauthenticated Authentication Bypass via OTP Login

CVE-2024-12757 HIGH

Nedap Librix Ecoreader - Unauthenticated Remote Code Execution

CVE-2024-39773 MEDIUM

Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated Information Disclosure via testsave.sh

CVE-2024-39608 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated Arbitrary Firmware Update via login.cgi

CVE-2024-39273 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated Arbitrary Firmware Update via fw_check.sh

CVE-2024-35277 HIGH

FortiManager 6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.2 - Unauthenticated Access to Config

CVE-2024-12847 CRITICAL

NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi

CVE-2024-13186 HIGH

vivo MinigameCenter < 2.2.4.0 - Information Disclosure via URL Loading

CVE-2024-13185 HIGH

vivo MinigameCenter < 2.3.5.0 - Information Disclosure via URL Loading

CVE-2024-13173 HIGH

Health Module <unknown - Info Disclosure

CVE-2024-55538 MEDIUM

Acronis True Image <41725-41736 - Info Disclosure

CVE-2024-12106 CRITICAL

WhatsUp Gold 23.1.0-24.0.1 - Unauthenticated LDAP Settings Modification

CVE-2024-56799 CRITICAL

TrueWinter simofa < 0.2.7 - Unauthenticated Access to Restricted API Routes

CVE-2024-7726 MEDIUM

Kioxia CM6, PM6 and PM7 Firmware - Unauthenticated Physical Access via JTAG Debug Port

CVE-2024-54984 CRITICAL

Quectel BG96 BG96MAR02A08M1G - Auth Bypass

CVE-2024-54983 CRITICAL

Quectel BC95-CNV <V100R001C00SPC051 - Auth Bypass

CVE-2024-12371 CRITICAL

Rockwell Automation Power Monitor 1000 - Privilege Escalation

Previous Page 38 of 98 Next

Details

Vulnerabilities 2,428

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy