Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,430 vulnerabilities with CWE-306

CVE-2024-35151 MEDIUM

IBM OpenPages with Watson 8.3 and 9.0 - Authenticated Sensitive Information Exposure via API Authorization Bypass

CVE-2024-43272 MEDIUM

Icegram < 3.1.24 - Unauthenticated Access to Unpublished Campaigns

CVE-2024-42462 CRITICAL

upKeeper Manager <5.1.9 - Auth Bypass

CVE-2024-6347 MEDIUM

Nissan Altima 2022 Blind Spot Detection Sensor ECU Firmware - Unauthenticated Denial of Service via UDS Session

CVE-2024-7628 HIGH

MStore API < 4.15.2 - Unauthenticated Authentication Bypass via Loose Comparison in verify_id_token

CVE-2024-38143 MEDIUM

Windows WLAN AutoConfig Service - Privilege Escalation

CVE-2024-35124 HIGH

IBM OpenBMC fw1020.00-fw1020.60 - Unauthenticated Administrative Access via Default Password

CVE-2024-7503 CRITICAL

WooCommerce - Social Login <= 2.7.5 - Unauthenticated Authentication Bypass via Loose Activation Code Comparison

CVE-2024-3279 CRITICAL

AnythingLLM < 1.0.0 - Unauthenticated Database Manipulation via Import Endpoint

CVE-2024-32765 MEDIUM

QTS 5.1.0-5.1.8.2823 and QuTS hero h5.1.0-h5.1.8.2823 - Authenticated Privilege Escalation via Network & Virtual Switch

CVE-2024-35143 MEDIUM

IBM Planning Analytics Local 2.0-2.1 - Unauthenticated Database Access via MongoDB

CVE-2024-3219 MEDIUM

CPython <3.8.20, 3.9.0-3.9.19, 3.10.0-3.10.14, 3.11.0-3.11.9, 3.12.0-3.12.4, 3.13.0a1-3.13.0rc0 - Socket Connection Race

CVE-2024-7154 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in Password Reset Handler

CVE-2024-7007 CRITICAL

Positron TRA7005 Firmware v1.20 - Unauthenticated Authentication Bypass

CVE-2024-7079 MEDIUM

Openshift Container Platform - Unauthenticated Helm Chart Verification Endpoint Access

CVE-2024-39601 MEDIUM

CPCI85 Central Processing/Communication <5.40 - Privilege Escalation

CVE-2024-38437 CRITICAL

D-Link DSL-225 Firmware - Authentication Bypass via Alternate Path

CVE-2024-6635 HIGH

WooCommerce - Social Login <2.7.3 - Auth Bypass

CVE-2024-6895 MEDIUM

Yugabyte Platform - Privilege Escalation

CVE-2024-21183 HIGH

Oracle WebLogic Server 12.2.1.4.0/14.1.1.0.0 - Unauthenticated Critical Function Access via T3/IIOP

CVE-2024-21146 HIGH

Oracle Trade Management 12.2.3-12.2.13 - Authenticated Unauthorized Data Access and Modification via GL Accounts

CVE-2024-36457 MEDIUM

Symantec Privileged Access Management 3.4.6-4.1.7 - Unauthenticated Authentication Bypass

CVE-2024-5910 CRITICAL KEV

Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)

CVE-2024-6422 CRITICAL

Pepperl-fuchs OIT Series Firmware <= 2.11.0 - Unauthenticated Remote Manipulation via Telnet

CVE-2024-37767 HIGH

14Finger 1.1 - Unauthenticated Information Disclosure via Admin User API

Previous Page 44 of 98 Next

Details

Vulnerabilities 2,430

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy