Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-42864 CRITICAL

FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft

CVE-2026-44413 HIGH

JetBrains TeamCity - Authenticated Server API Unauthorized Access

CVE-2026-42856 HIGH

Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

CVE-2026-42312 MEDIUM

pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

CVE-2026-42569 CRITICAL

phpvms: /importer authorization bypass causing full database wipe

CVE-2026-8185 MEDIUM

UGREEN CM933 Administrative missing authentication

CVE-2026-42302 CRITICAL

FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox

CVE-2026-42176 MEDIUM

Scoold: Persistent Admin Takeover by Overwriting the admins Configuration Setting via Forged JWT (missing `jti` validation)

CVE-2026-44338 HIGH

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

CVE-2026-6736 MEDIUM

GitHub Enterprise Server Signup - External Identity Provider Bypass

CVE-2026-7415 CRITICAL

Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

CVE-2026-8031 MEDIUM

PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

CVE-2026-41930 CRITICAL

Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

CVE-2026-7844 MEDIUM

chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

CVE-2026-36356 CRITICAL

MeiG Smart FORGE_SLT711 MDM9607.LE.1.0-00110 - Command Injection

CVE-2026-42222 HIGH

nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

CVE-2026-42221 HIGH

nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

CVE-2026-42796 CRITICAL

Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

CVE-2026-7723 HIGH

PrefectHQ prefect WebSocket Endpoint in missing authentication

CVE-2026-7714 MEDIUM

crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

CVE-2026-39858 CRITICAL

Traefik: Forwarded alias spoofing top pre-auth decision bypass

CVE-2026-35514 MEDIUM

Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew

CVE-2026-0204 HIGH

SonicWall SonicOS <=6.5.5.1-6n - Auth Bypass

CVE-2026-41940 CRITICAL KEV

cPanel and WHM Authentication Bypass via Login Flow

CVE-2026-3893 CRITICAL

Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

Previous Page 5 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy