Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2022-41688 CRITICAL

Delta Electronics InfraSuite Device Master <0.0.0.1a - Privilege Es...

CVE-2022-41644 HIGH

Delta Electronics InfraSuite Device Master <0.00.00.01a - Privilege...

CVE-2022-41629 HIGH

Delta Electronics InfraSuite Device Master <00.00.01a - Info Disclo...

CVE-2022-40202 CRITICAL

Delta Electronics InfraSuite Device Master < 00.00.02a - RCE via Database Backup

CVE-2022-2474 CRITICAL

Haas Controller Firmware 100.20.000.1110 - Unauthenticated Arbitrary Macro Write via Ethernet Q Commands

CVE-2022-3674 HIGH

Sanitization Management System 1.0 - Improper Authentication

CVE-2022-38870 HIGH

free5gc v3.2.1 - Information Disclosure

CVE-2022-27623 HIGH

Synology DiskStation Manager < 7.1-42661 - Unauthenticated Arbitrary File Read and Write via iSCSI Management

CVE-2022-1070 HIGH

Aethon TUG Home Base Server < 24 - Unauthenticated Access to Hashed User Credentials

CVE-2022-3327 CRITICAL

GitHub rdiffweb <2.5.0a6 - Info Disclosure

CVE-2022-39426 HIGH

Oracle VM VirtualBox < 6.1.40 - Unauthenticated Remote Code Execution via VRDP

CVE-2022-39425 HIGH

Oracle VM VirtualBox < 6.1.40 - Unauthenticated Remote Code Execution via VRDP

CVE-2022-39412 HIGH

Oracle Access Manager 12.2.1.4.0 - Unauthenticated Missing Authentication for Critical Function

CVE-2022-21587 CRITICAL KEV

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

CVE-2022-35136 MEDIUM

Boodskap IoT Platform v4.4.9-02 - Unauthenticated API Request Handling

CVE-2022-20830 MEDIUM

Cisco Catalyst SD-WAN Manager 20.4-20.6.1 and SD-WAN vManage 18.4-20.3.4.1 - Unauthenticated GUI Access via SD-AVC

CVE-2022-38817 HIGH

Dapr Dashboard <0.11.0 - Info Disclosure

CVE-2022-22526 CRITICAL

CPY Car Park Server < 2.8.3 & UWP 3.0 Monitoring Gateway/Controller < 8.5.0.3 - Unauthenticated API Access

CVE-2022-36780 MEDIUM

Avdor CIS crystal_quality - Unauthenticated Access to Recorded Calls via Crafted URL

CVE-2022-35572 HIGH

Linksys E5350 Firmware < 1.0.00.037 - Unauthenticated Information Disclosure via SysInfo.htm

CVE-2022-26394 MEDIUM

Baxter Spectrum WBM - Info Disclosure

CVE-2022-1368 CRITICAL

Cognex 3D-A1000 Dimensioning System Firmware < 1.0.3(3354) - Unauthenticated Password Change via WebSocket Monitoring

CVE-2022-31176 HIGH

grafana-image-renderer < 3.6.1 - Unauthorized File Disclosure via Fake Datasource

CVE-2022-36604 HIGH

Canaan Avalon ASIC Miner <2020.3.30 - Info Disclosure

CVE-2022-36619 HIGH

D-Link DIR-816 A2_v1.10CNB04 - Unauthenticated Network Reset via setMAC Endpoint

Previous Page 61 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy