Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2023-28470 MEDIUM

Couchbase Server <7.1.4 - Info Disclosure

CVE-2023-27060 CRITICAL

LightCMS v1.3.7 - Remote Code Execution via Image Make Function

CVE-2023-25589 CRITICAL

ClearPass Policy Manager 6.9.0-6.9.12 - Unauthenticated Arbitrary User Creation

CVE-2023-27983 MEDIUM

Schneider Electric IGSS < 16.0.0.23040 - Unauthenticated Report Deletion via TCP

CVE-2023-27980 HIGH

Schneider Electric IGSS < 16.0.0.23040 - Unauthenticated RCE via Malicious Report File

CVE-2023-28461 CRITICAL KEV

Array Networks AG and vxAG - Unauthenticated Remote Code Execution

CVE-2023-24526 MEDIUM

SAP NetWeaver Application Server Java - Privilege Escalation

CVE-2023-27532 HIGH KEV

Veeam Backup & Replication < 11.0.1.1261 - Unauthenticated Credential Disclosure

CVE-2023-27290 CRITICAL

IBM Observability with Instana 239-0-239-2, 241-0-241-2, 243-0 - Unauthenticated Data Store Access

CVE-2023-20857 MEDIUM

VMware Workspace ONE Content < 23.02 - Passcode Bypass via Rooted Device Access

CVE-2023-23453 CRITICAL

SICK FX0-GENT v3 Firmware V3.04 and V3.05 - Unauthenticated Remote Code Execution via RK512 Commands

CVE-2023-23452 CRITICAL

SICK FX0-GPNT v3 Firmware V3.04 and V3.05 - Unauthenticated Remote Code Execution via RK512 Commands

CVE-2023-25570 HIGH

Apollo < 2.1.0 - Unauthenticated Access to Eureka Service

CVE-2023-0919 HIGH

Kavita < 0.7.0 - Unauthenticated Access to Critical Function

CVE-2023-0906 HIGH

Online Pizza Ordering System 1.0 - Missing Authentication in POST Parameter Handler

CVE-2023-22804 CRITICAL

LS ELECTRIC XBC-DN32U Firmware 01.80 - Unauthenticated User Creation and Privilege Escalation

CVE-2023-22803 HIGH

LS ELECTRIC XBC-DN32U Firmware 01.80 - Unauthenticated Critical Function Access

CVE-2023-0102 CRITICAL

LS ELECTRIC XBC-DN32U <01.80 - Info Disclosure

CVE-2023-25014 HIGH

femanager < 5.5.3, 6.x < 6.3.4, 7.x < 7.1.0 - Unauthenticated Frontend User Deletion via InvitationController

CVE-2023-25013 HIGH

femanager < 5.5.3, 6.x < 6.3.4, 7.x < 7.1.0 - Unauthenticated Password Reset via InvitationController

CVE-2023-0463 LOW

Devolutions Remote Desktop Manager 2022.3.29-2022.3.30 - Sensitive Data Exposure via MFA Bypass

CVE-2023-0052 CRITICAL

SAUTER Controls Nova 200-220 - Command Injection

CVE-2023-21856 HIGH

Oracle E-Business Suite <12.2.13 - Unauthenticated RCE

CVE-2023-21842 HIGH

Oracle WebLogic Server <14.1.1.0.0 - RCE

CVE-2023-21839 HIGH KEV

Oracle WebLogic Server <14.1.1.0.0 - RCE

Previous Page 56 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy