CWE-306

Exploit likelihood: High

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306
CVE-2026-9371 MEDIUM
ItzCrazyKns Vane API route.ts missing authentication
CVSS 5.6
CVE-2026-9152 CRITICAL
Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction
CVE-2026-9141 CRITICAL
Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
CVSS 9.8
CVE-2026-39310 HIGH
Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds
CVSS 8.6
CVE-2026-20223 CRITICAL
Cisco Secure Workload Unauthorized API Access Vulnerability
CVSS 10.0
CVE-2026-8602 CRITICAL
Missing authentication for critical function in ScadaBR
CVSS 9.1
CVE-2026-8706 MEDIUM
Sensitive user data could be leaked to other applications through Reader mode
CVSS 6.5
CVE-2026-31071 CRITICAL
LalanaChami Pharmacy Management System - Unauthenticated Critical Function Access via API Endpoints
CVSS 9.1
CVE-2026-8737 MEDIUM
Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication
CVSS 5.3
CVE-2026-45397 MEDIUM
Open WebUI: Unauthenticated RAG Configuration Disclosure
CVSS 5.3
CVE-2026-45248 MEDIUM
Hedera Guardian Authentication Bypass Information Disclosure
CVSS 5.3
CVE-2026-44592 CRITICAL
Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning
CVSS 9.4
CVE-2026-42283 HIGH
DevSpace UI Server WebSocket CheckOrigin does not validate source
CVSS 7.7
CVE-2026-0247 MEDIUM
Prisma Access Agent Endpoint DLP: Authorization Bypass Vulnerabilities
CVE-2026-42289 HIGH
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVSS 8.8
CVE-2026-42303 MEDIUM
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
CVE-2026-31245 MEDIUM
mem0 1.0.0 - Unauthenticated Arbitrary Memory Record Creation via Memory Creation API Endpoint
CVSS 5.3
CVE-2026-31244 MEDIUM
mem0 1.0.0 - Missing Authentication
CVSS 6.5
CVE-2026-31243 MEDIUM
mem0 1.0.0 - Unauthenticated SQL Statement Execution via DELETE /memories Endpoint
CVSS 6.5
CVE-2026-31242 CRITICAL
mem0 v1.0.0 - Unauthenticated SQL Injection via DELETE /memories Endpoint
CVSS 9.1
CVE-2026-31241 MEDIUM
mem0 1.0.0 - Unauthenticated Memory Deletion via DELETE /memories Endpoint
CVSS 6.5
CVE-2026-31240 HIGH
mem0 1.0.0 - Unauthenticated Memory Record Manipulation via Memory Management API
CVSS 7.5
CVE-2026-5029 HIGH
RCE in Code Runner MCP Server
CVE-2026-22924 CRITICAL
SIMATIC CN 4100 < V5.0 - Unauthenticated Resource Exhaustion
CVSS 9.1
CVE-2026-43881 MEDIUM
WWBN AVideo <= 29.0 - Unauthenticated User Enumeration
CVSS 5.3