Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,435 vulnerabilities with CWE-306

CVE-2023-39457 CRITICAL

Triangle MicroWorks SCADA Data Gateway - Unauthenticated Remote Code Execution

CVE-2023-38123 HIGH

Inductive Automation Ignition < 8.1.26 - Authentication Bypass via OPC UA Quick Client

CVE-2023-27357 MEDIUM

NETGEAR RAX30 Firmware < 1.0.10.94 - Unauthenticated Information Disclosure via SOAP Request Handling

CVE-2023-47166 HIGH

Milesight UR32L v32.3.0.7-r2 - Unauthenticated Arbitrary Firmware Update via luci2-io File-Import

CVE-2023-51478 CRITICAL

Abdul Hakeem Build App Online <1.0.19 - Privilege Escalation

CVE-2023-4857 HIGH

Lenovo SMM, SMM2, and FPC - Authenticated Authentication Bypass via IPMI Calls

CVE-2023-1083 CRITICAL

Welotec TK515L/TK525L/TK525U/TK525W/TK535L1 < v2.3.0.r5542 - MQTT Spoofing & Command Execution

CVE-2023-25493 MEDIUM

Lenovo BIOS - Authenticated Arbitrary Code Execution via Update Tool Driver

CVE-2023-48426 CRITICAL

Google Chromecast Firmware - Unauthenticated U-Boot Shell Access via UART

CVE-2023-6949 MEDIUM

DJI Mavic Mini 3 Pro - Info Disclosure

CVE-2023-51571 HIGH

Voltronic Power ViewPower Pro - DoS

CVE-2023-37495 MEDIUM

HCL Domino 9.0-14.0 - Weak Password Hashing in Person Documents

CVE-2023-40545 HIGH

PingFederate 11.3 - Unauthenticated OAuth Client Authentication Bypass via Crafted Requests

CVE-2023-6221 HIGH

MachineSense FeverWarn Firmware - Unauthenticated Sensitive Data Exposure via Cloud Provider

CVE-2023-49617 CRITICAL

MachineSense FeverWarn Firmware - Unauthenticated Sensitive Information Exposure and Modification via API

CVE-2023-49115 HIGH

MachineSense FeverWarn Firmware - Unauthenticated MQTT Access

CVE-2023-6942 HIGH

Mitsubishi Electric EZSocket 3.0-5.92 - Unauthenticated Authentication Bypass via Crafted Packets

CVE-2023-51947 CRITICAL

actiNAS SL 2U-8 RDX 3.2.03-SP1 - Info Disclosure

CVE-2023-5716 CRITICAL

ASUS Armoury Crate < 4.1.0.8 - Unauthenticated Arbitrary File Write via HTTP Request

CVE-2023-5253 MEDIUM

Nozomi Networks Guardian and CMC < 23.3.0 - Unauthenticated Asset Data Exposure via Check Point IoT WebSocket Channel

CVE-2023-51062 MEDIUM

QStar Archive Solutions <RELEASE_3-0 Build 7 Patch 0 - Info Disclosure

CVE-2023-31033 MEDIUM

NVIDIA DGX A100 BMC - Privilege Escalation

CVE-2023-49255 CRITICAL

hongdian h8951-4g-esp_firmware < 2310271149 - Unauthenticated Privilege Escalation via Shared Session State

CVE-2023-51987 CRITICAL

D-Link DIR-822+ V1.0.2 - Auth Bypass

CVE-2023-40393 HIGH

macOS < 14.0 - Unauthenticated Hidden Photos Album Access

Previous Page 49 of 98 Next

Details

Vulnerabilities 2,435

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy