Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306

CVE-2026-25192 CRITICAL

CTEK Chargeportal Missing Authentication for Critical Function

CVE-2026-22898 CRITICAL

QNAP QVR Pro < 2.7.4.14 - Missing Authentication for Critical Function

CVE-2026-33070 LOW

FileRise has Unauthenticated Share Link Deletion

CVE-2026-4476 MEDIUM

Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

CVE-2026-33038 HIGH

AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments

CVE-2026-33017 CRITICAL KEV

Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

CVE-2026-21992 CRITICAL

Oracle Identity Manager 12.2.1.4.0 - RCE

CVE-2026-32985 CRITICAL

Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution

CVE-2026-22731 HIGH

Authentication Bypass under Actuator Health groups paths

CVE-2026-32041 MEDIUM

OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

CVE-2026-24062 HIGH

Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center

CVE-2026-2603 HIGH

Keycloak: keycloak: unauthorized authentication via disabled saml identity provider

CVE-2026-22174 MEDIUM

OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe

CVE-2026-22727 HIGH

Cloud Foundry unprotected internal endpoints

CVE-2026-1264 HIGH

IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls

CVE-2026-3207 CRITICAL

TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability

CVE-2026-32297 HIGH

Angeet ES3 KVM unauthenticated arbitrary file write

CVE-2026-32296 HIGH

Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

CVE-2026-32291 MEDIUM

GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console

CVE-2026-4312 CRITICAL

DrangSoft｜GCB/FCB Audit Software - Missing Authentication

CVE-2026-4187 MEDIUM

Tiandy Easy7 7.17.0 - Auth Bypass

CVE-2026-3558 HIGH

Philips Hue Bridge - Auth Bypass

CVE-2026-32594 HIGH

Parse Server GraphQL WebSocket endpoint bypasses security middleware

CVE-2026-2491 MEDIUM

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

CVE-2026-20995 MEDIUM

Samsung Mobile Smart Switch - Auth Bypass

Previous Page 6 of 89 Next

Details

Vulnerabilities 2,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy