Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2023-23444 HIGH

SICK Flexi Classic and Flexi Soft Gateways - Unauthenticated IP Settings Manipulation via UDP Broadcast

CVE-2023-23906 HIGH

SkyBridge MB-A100/110 <=4.2.0 - Missing Authentication for Critical Functions

CVE-2023-22441 HIGH

Seiko Solutions SkyBridge <1.4.1 - RCE

CVE-2023-31143 MEDIUM

Mage-ai <0.8.72 - Privilege Escalation

CVE-2023-30744 HIGH

SAP NetWeaver Application Server for Java - Unauthenticated Remote Method Invocation via Open Naming and Directory API

CVE-2023-20126 CRITICAL

Cisco SPA112 2-Port Phone Adapters - Unauthenticated Remote Code Execution via Firmware Upgrade Function

CVE-2023-31444 HIGH

Talend Studio <7.3.1-R2022-10 & 8.x <8.0.1-R2022-09 - SSRF

CVE-2023-28697 CRITICAL

Moxa MiiNePort E1 - Privilege Escalation

CVE-2023-2231 CRITICAL

MAXTECH MAX-G866ac 0.4.1_TBRO_20160314 - Unauthenticated Remote Management Access

CVE-2023-23451 CRITICAL

SICK Flexi Classic and Flexi Soft Gateways - Unauthenticated Remote Access via Default Telnet Configuration

CVE-2023-30612 MEDIUM

Cloud Hypervisor v30.0-31.0 - Denial of Service via HTTP API Socket File Descriptor Manipulation

CVE-2023-29413 HIGH

Schneider Electric APC Easy UPS Online Monitoring Software < 2.5 - Unauthenticated DoS

CVE-2023-29411 CRITICAL

APC Easy UPS Online Monitoring Software < 2.5-ga-01-22320 and < 2.5-gs-01-22320 - Remote Code Execution via Java RMI

CVE-2023-21979 HIGH

Oracle WebLogic Server <14.1.1.0.0 - Unauthorized Access

CVE-2023-21931 HIGH

Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization

CVE-2023-27571 MEDIUM

DG3450 Cable Gateway AR01.02.056.18 - Unauthenticated Log File Download

CVE-2023-24934 MEDIUM

Microsoft Defender < - Privilege Escalation

CVE-2023-27747 HIGH

BlackVue DR750-2CH LTE v.1.012_2022.10.26 - Unauthenticated Sensitive Information Exposure

CVE-2023-28761 MEDIUM

SAP NetWeaver Enterprise Portal - 7.50 - Info Disclosure

CVE-2023-27497 CRITICAL

SAP Diagnostics Agent 720 - Unauthenticated Remote Code Execution via EventLogServiceCollector

CVE-2023-27267 CRITICAL

SAP Diagnostics Agent 720 - Unauthenticated Remote Code Execution via OSCommand Bridge

CVE-2023-24527 MEDIUM

SAP NetWeaver AS Java for Deploy Service -7.5 - Info Disclosure

CVE-2023-28326 CRITICAL

Apache OpenMeetings 2.0.0-7.0.0 - Unauthenticated Privilege Escalation

CVE-2023-1140 CRITICAL

InfraSuite Device Master < 1.0.5 - Unauthenticated Remote Code Execution

CVE-2023-24838 CRITICAL

HGiga PowerStation - Info Disclosure

Previous Page 55 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy