Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2022-46145 HIGH

authentik <2022.11.2-2022.10.2 - Privilege Escalation

CVE-2022-4229 HIGH

Book Store Management System 1.0 - Improper Access Control in /bsms_ci/index.php

CVE-2022-4228 MEDIUM

Book Store Management System 1.0 - Information Disclosure via User Edit Password Parameter

CVE-2022-24190 HIGH

Ourphoto App 1.4.1 - Privilege Escalation

CVE-2022-45933 CRITICAL

kubeview < 0.1.31 - Unauthenticated Kubernetes Cluster Control via api/scrape/kube-system

CVE-2022-44784 HIGH

Appalti & Contratti 9.12.2 - Unauthenticated Arbitrary Service Creation via Axis AdminService

CVE-2022-44001 CRITICAL

BACKCLICK Professional <5.9.63 - Auth Bypass

CVE-2022-42982 HIGH

BKG Professional NtripCaster < 2.0.39 - Unauthenticated UDP Amplification via NTRIP Sourcetable Query

CVE-2022-44000 CRITICAL

BACKCLICK Professional <5.9.63 - RCE

CVE-2022-43999 CRITICAL

BACKCLICK Professional <5.9.63 - Command Injection

CVE-2022-4018 MEDIUM

GitHub rdiffweb <2.5.0a6 - Info Disclosure

CVE-2022-42785 CRITICAL

W&T ComServer Series Firmware < 1.48/1.76 - Unauthenticated Authentication Bypass via Modified HTTP GET Request

CVE-2022-45378 CRITICAL

Apache SOAP < 2.3 - Unauthenticated Remote Code Execution via RPCRouterServlet

CVE-2022-30515 MEDIUM

ZKTeco BioTime 8.5.4 - Unauthenticated Employee Photo Exposure via Filename Enumeration

CVE-2022-38168 CRITICAL

Avaya Scopia Pathfinder <8.3.7.0.4 - Auth Bypass

CVE-2022-3675 LOW

Fedora CoreOS >=36.20220820.3.0 <37.20221031.1.0 - Unauthenticated OSTree Deployment Boot Bypass

CVE-2022-42473 MEDIUM

Fortinet FortiSOAR 6.4.0-6.4.4, 7.0.0-7.0.3, 7.2.0 - Unauthenticated Information Disclosure via Database Login

CVE-2022-43990 HIGH

SICK SIM1012 <2.2.0 - Privilege Escalation

CVE-2022-43989 HIGH

SICK SIM2x00 (ARM) <1.2.0 - Privilege Escalation

CVE-2022-27586 CRITICAL

SICK SIM1004 Partnumber 1098148 Firmware < 2.0.0 - Unauthenticated Privilege Escalation via Password Recovery Mechanism

CVE-2022-27585 CRITICAL

SICK SIM1000 FX Firmware < 1.6.0 - Unauthenticated Privilege Escalation via Password Recovery Mechanism

CVE-2022-27584 CRITICAL

SICK SIM2000ST Firmware <= 1.7.0 - Unauthenticated Privilege Escalation via Password Recovery Mechanism

CVE-2022-27582 CRITICAL

SICK SIM4000 Firmware <=1.10.1 - Unauthenticated Privilege Escalation via Password Recovery Mechanism

CVE-2022-3312 MEDIUM

Google Chrome <106.0.5249.62 - Auth Bypass

CVE-2022-41776 HIGH

Delta Electronics InfraSuite Device Master <00.00.01a - Info Disclo...

Previous Page 60 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy