Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,430 vulnerabilities with CWE-306

CVE-2024-1076 MEDIUM

SSL Zen < 4.6.0 - Unauthenticated Private Key Exposure via Directory Listing

CVE-2024-2860 HIGH

Brocade SANnav < 2.3.0a - Unauthenticated PostgreSQL Database Access

CVE-2024-3661 HIGH

FortiClient 6.4.0-7.2.4 - Unauthenticated VPN Traffic Leak via DHCP Classless Static Route Option

CVE-2024-32764 CRITICAL

myQNAPcloud Link <2.4.51 - Privilege Escalation

CVE-2024-21846 MEDIUM

Electrolink Compact DAB and FM Transmitters - Denial of Service via Crafted GET Request

CVE-2024-1491 HIGH

Electrolink Compact DAB Transmitter - Unauthenticated Arbitrary Code Execution via MPFS File System Binary Image Upload

CVE-2024-21014 CRITICAL

Oracle Hospitality Simphony 19.1.0-19.5.4 - Unauthenticated Remote Code Execution via HTTP

CVE-2024-21007 HIGH

Oracle WebLogic Server 12.2.1.4.0/14.1.1.0.0 - Unauthenticated Critical Function Access via T3/IIOP

CVE-2024-21006 HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3, IIOP

CVE-2024-3701 CRITICAL

Tecno HIOS - Improper Authentication in System Application Component

CVE-2024-3777 CRITICAL

Ai3 QbiBot - Unauthenticated Password Reset via Password Reset Feature

CVE-2024-3774 MEDIUM

aEnrich a+HRD - Unauthenticated Sensitive Information Exposure via System Configuration Parameter

CVE-2024-30391 MEDIUM

Juniper Junos OS Unauthenticated Missing Authentication in Packet Forwarding Engine

CVE-2024-26235 HIGH

Windows Server 2022 23H2 < 10.0.25398.830 - Elevation of Privilege via Windows Update Stack

CVE-2024-3281 HIGH

HP Poly CCX 350/400/500/505/600/700 >=8.0.2.3267 <8.1.3.1301 - Unauthenticated Critical Function Access

CVE-2024-31218 CRITICAL

Webhood <0.9.0 - Missing Authentication

CVE-2024-2921 CRITICAL

Dovolations Server <2024.1.10.0 - Privilege Escalation

CVE-2024-28179 CRITICAL

Jupyter Server Proxy < 3.2.3 and 4.0.0-4.1.1 - Unauthenticated Remote Code Execution via WebSocket Endpoint

CVE-2024-24578 CRITICAL

RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

CVE-2024-21824 MEDIUM

Brother Industries - Privilege Escalation

CVE-2024-22513 MEDIUM

djangorestframework-simplejwt <5.3.1 - Info Disclosure

CVE-2024-2450 HIGH

Mattermost <8.1.10, <9.2.6, <9.3.2, <9.4.3 - Privilege Escalation

CVE-2024-27758 HIGH

RPyC 4.0.0-5.9.9 - Remote Code Execution via __array__ Attribute

CVE-2024-2076 MEDIUM

CodeAstro House Rental Management System 1.0 - Missing Authentication in booking.php/owner.php/tenant.php

CVE-2024-26263 MEDIUM

EBM Technologies RISWEB 1.0-3.0 - Unauthenticated Sensitive Data Exposure via Unprotected URL Path

Previous Page 46 of 98 Next

Details

Vulnerabilities 2,430

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy