Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2022-32528 HIGH

Schneider-electric Interactive Graphi... - Missing Authentication

CVE-2022-41505 MEDIUM

TP-Link Tapo C200 V1 - Privilege Escalation

CVE-2022-3738 MEDIUM

WAGO PFC100/PFC200/TP600/CC100/Edge Controller FW 16-21 - Unauthenticated Sensitive Info Exposure

CVE-2022-46732 CRITICAL

GE Proficy Historian 7.0-2023 - Unauthenticated Command Execution

CVE-2022-43976 CRITICAL

GE Grid Solutions MS3000 <3.7.6.25p0-4.7p0 - Info Disclosure

CVE-2022-42277 HIGH

NVIDIA DGX Station A100 Firmware < 10.16 - Authenticated Arbitrary Flash Read/Write/Erase via SmiFlash

CVE-2022-42276 HIGH

NVIDIA DGX A100 Firmware < 1.18 - Authenticated Arbitrary Flash Access via SmiFlash

CVE-2022-42275 HIGH

NVIDIA BMC < 00.19.07 - Unauthenticated SPI Flash Write via IPMI Handler

CVE-2022-46463 HIGH

Harbor 1.1.0-2.5.3 - Unauthenticated Access to Image Repositories

CVE-2022-45433 LOW

Dahua DSS Firmware - Unauthenticated Traceroute Host Information Disclosure

CVE-2022-45432 MEDIUM

Dahua DSS Firmware - Unauthenticated Device Search via Crafted Packet

CVE-2022-45424 MEDIUM

Dahua DSS Express and DSS Professional - Unauthenticated AES Crypto Key Disclosure via Crafted Packet

CVE-2022-45423 HIGH

Dahua DSS Express and DSS Professional - Unauthenticated MQTT Credential Disclosure via Crafted Packet

CVE-2022-44013 CRITICAL

Simmeth Lieferantenmanager <5.6 - Info Disclosure

CVE-2022-3188 MEDIUM

Dataprobe iBoot-PDU Firmware < 1.42.06162022 - Unauthenticated Information Disclosure via History File Download

CVE-2022-47377 CRITICAL

SICK SIM2000ST <1.13.4 - Privilege Escalation

CVE-2022-31701 MEDIUM

VMware Workspace ONE Access and Identity Manager - Broken Authentication

CVE-2022-41272 CRITICAL

SAP NetWeaver PI <7.50 - Info Disclosure

CVE-2022-41271 CRITICAL

SAP NetWeaver PI 7.50 - Info Disclosure

CVE-2022-45504 HIGH

Tenda W6-S v1.0.0.4(510) - Unauthenticated Denial of Service via SysToolRestoreSet

CVE-2022-45498 HIGH

Tenda W6-S v1.0.0.4(510) - Unauthenticated Denial of Service via SysToolReboot Endpoint

CVE-2022-45481 CRITICAL

lazy_mouse < 2.0.1 - Unauthenticated Remote Code Execution

CVE-2022-45479 CRITICAL

PC Keyboard < 30 - Unauthenticated Remote Code Execution

CVE-2022-45477 CRITICAL

telepad < 1.0.7 - Unauthenticated Remote Code Execution

CVE-2022-46414 CRITICAL

Veritas NetBackup <3.0, Access Appliance <8.0.100 - RCE

Previous Page 59 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy