Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,435 vulnerabilities with CWE-306

CVE-2023-42845 MEDIUM

iPadOS 17.0-17.1 - Unauthenticated Hidden Photos Album Access

CVE-2023-40401 HIGH

macOS 13.0-13.6.1 - Unauthenticated Passkey Access

CVE-2023-45851 HIGH

Bosch Rexroth ctrlX HMI Web Panel WR2107/WR2110/WR2115 Firmware - Missing Authentication for MQTT Broker Connection

CVE-2023-45220 HIGH

Bosch Rexroth ctrlX HMI Web Panel WR2107/WR2110/WR2115 - Unauthenticated Sensitive Info Exposure

CVE-2023-41255 HIGH

Bosch Rexroth ctrlX HMI Web Panel WR2107/WR2110/WR2115 - Unauthenticated Root Access via ADB

CVE-2023-39930 HIGH

PingID Radius PCV 3.0.0-3.0.3 - Unauthenticated First-Factor Authentication Bypass via Malicious RADIUS Client Request

CVE-2023-39231 HIGH

PingFederate PingOne MFA Integration Kit - Missing Authentication for MFA Device Pairing

CVE-2023-27377 HIGH

idattend idweb < 3.1.052 - Unauthenticated Sensitive Data Exposure

CVE-2023-27376 HIGH

IDAttend IDWeb < 3.1.052 - Unauthenticated Sensitive Data Exposure via StudentPopupDetails_StudentDetails Method

CVE-2023-27375 HIGH

IDAttend IDWeb < 3.1.052 - Unauthenticated Sensitive Data Exposure via StudentPopupDetails_ContactDetails

CVE-2023-27261 MEDIUM

idattend idweb < 3.1.052 - Unauthenticated Data Deletion via DeleteAssignments Method

CVE-2023-27259 HIGH

idattend idweb < 3.1.052 - Unauthenticated Sensitive Data Exposure via GetAssignmentsDue Method

CVE-2023-27258 HIGH

idattend IDWeb < 3.1.052 - Unauthenticated Information Disclosure via GetStudentGroupStudents Method

CVE-2023-27257 HIGH

IDAttend IDWeb < 3.1.052 - Unauthenticated Information Disclosure via GetActiveToiletPasses Method

CVE-2023-27256 MEDIUM

IDAttend's IDWeb <3.1.052 - Info Disclosure

CVE-2023-26580 HIGH

IDAttend's IDWeb <3.1.013 - Info Disclosure

CVE-2023-26579 MEDIUM

IDAttend IDWeb 3.1.013 - Unauthenticated Staff Information Deletion via DeleteStaff Method

CVE-2023-26576 HIGH

IDAttend IDWeb < 3.1.052 - Unauthenticated Sensitive Data Exposure via SearchStudentsRFID Method

CVE-2023-26575 HIGH

idattend idweb < 3.1.052 - Unauthenticated Sensitive Data Exposure via SearchStudentsStaff Method

CVE-2023-26574 HIGH

IDAttend's IDWeb <3.1.052 - Info Disclosure

CVE-2023-26573 HIGH

idattend idweb < 3.1.052 - Unauthenticated Denial of Service or Credential Theft via SetDB Method

CVE-2023-26571 HIGH

IDAttend's IDWeb <3.1.052 - Info Disclosure

CVE-2023-26570 HIGH

IDAttend IDWeb < 3.1.052 - Unauthenticated Sensitive Data Exposure via StudentPopupDetails_Timetable Method

CVE-2023-43045 MEDIUM

IBM Sterling Partner Engagement Manager <6.2.2 - Privilege Escalation

CVE-2023-22101 HIGH

Oracle WebLogic Server <14.1.1.0.0 - RCE

Previous Page 51 of 98 Next

Details

Vulnerabilities 2,435

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy