Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-5944 HIGH

Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

CVE-2026-3323 HIGH

VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

CVE-2026-41603 HIGH

Apache Thrift: Java TSSLTransportFactory hostname verification

CVE-2026-7113 MEDIUM

NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication

CVE-2026-7042 HIGH

666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication

CVE-2026-41473 CRITICAL

CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints

CVE-2026-41477 HIGH

Deskflow: Local privilege escalation via unauthenticated IPC

CVE-2026-6272 HIGH

Eclipse KUKSA - Databroker <0.6.0 - Privilege Escalation

CVE-2026-40620 CRITICAL

SenseLive X3050 Missing authentication for critical function

CVE-2026-35064 HIGH

SenseLive X3050 Missing authentication for critical function

CVE-2026-27843 CRITICAL

SenseLive X3050 Missing authentication for critical function

CVE-2026-25775 CRITICAL

SenseLive X3050 Missing authentication for critical function

CVE-2026-42095 MEDIUM

KDE Arianna <26.04.1 - Info Disclosure

CVE-2026-6376 HIGH

Missing authentication for critical function in SpiceJet Online Booking System

CVE-2026-41273 HIGH

Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow

CVE-2026-23751 CRITICAL

Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

CVE-2026-41179 CRITICAL

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

CVE-2026-41176 CRITICAL

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

CVE-2026-5749 HIGH

Inadequate access control vulnerability in Fullstep

CVE-2026-40344 HIGH

MinIO Unsigned-Trailer Uploads - Unauthenticated Object Write

CVE-2026-34289 MEDIUM

Oracle Identity Manager Connector 12.2.1.4.0 - Info Disclosure

CVE-2026-34288 MEDIUM

Oracle Identity Manager Connector 12.2.1.4.0 - Info Disclosure

CVE-2026-34286 CRITICAL

Oracle Identity Manager Connector 12.2.1.4.0 - Unauthenticated Data Manipulation

CVE-2026-34285 CRITICAL

Oracle Identity Manager Connector 12.2.1.4.0 - Unauthenticated Data Manipulation

CVE-2026-34280 MEDIUM

Oracle PeopleSoft Enterprise HCM Human Resources 9.2 - Privilege Escalation

Previous Page 6 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy