Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306

CVE-2026-33032 CRITICAL

Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

CVE-2026-34472 HIGH

ZTE ZXHN H188A V6.0.10P2_TE/V6.0.10P3N3_TE - Info Disclosure

CVE-2026-5000 HIGH

PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

CVE-2026-34411 MEDIUM

Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

CVE-2026-4959 HIGH

OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication

CVE-2026-33366 MEDIUM

BUFFALO Wi-Fi router - Auth Bypass

CVE-2026-3527 MEDIUM

AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022

CVE-2026-24068 HIGH

Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

CVE-2026-1724 MEDIUM

Missing Authentication for Critical Function in GitLab

CVE-2026-32326 MEDIUM

Sharp home 5G HR01 <=38JP_0_490 - Auth Bypass

CVE-2026-2417 CRITICAL

Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller

CVE-2026-33159 MEDIUM

Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

CVE-2026-33340 CRITICAL

LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

CVE-2026-4649 MEDIUM

Auth bypass in Apache Artemis allows reading all internal messages

CVE-2026-4640 HIGH

Galaxy Software Services｜Vitals ESP - Missing Authentication

CVE-2026-33719 HIGH

WWBN AVideo <=26.0 - Auth Bypass

CVE-2026-31846 MEDIUM

Nexxt Solutions Nebula 300+ <=12.01.01.37 - Info Disclosure

CVE-2026-4582 MEDIUM

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication

CVE-2026-4562 HIGH

MacCMS Timming API Endpoint Timming.php weak authentication

CVE-2026-2756 MEDIUM

OmniPEMF NeoRhythm BLE missing authentication

CVE-2026-32896 MEDIUM

OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

CVE-2026-32064 HIGH

OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer

CVE-2026-33231 HIGH

NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app

CVE-2026-33203 HIGH

SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

CVE-2026-29796 CRITICAL

IGL-Technologies eParking.fi Missing Authentication for Critical Function

Previous Page 5 of 89 Next

Details

Vulnerabilities 2,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy