Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2022-30317 CRITICAL

Honeywell Experion LX < r520.1 - Unauthenticated DoS via CDA EpicMo Protocol

CVE-2022-37680 HIGH

Hitachi HC-IP9100HD Firmware < 1.07 - Unauthenticated Remote Reboot via /ptipupgrade.cgi

CVE-2022-36521 HIGH

cskefu v7.0.1 - Privilege Escalation

CVE-2022-35733 CRITICAL

UNIMO Technology UDR-JA1004/JA1008/JA1016 <v1.0.20.13 - RCE

CVE-2022-34858 CRITICAL

miniOrange OAuth 2.0 client for SSO < 1.11.3 - Authentication Bypass

CVE-2022-2552 MEDIUM

Duplicator < 1.4.7.1 - Information Disclosure

CVE-2022-37062 HIGH

FLIR AX8 Firmware <= 1.46.16 - Unauthenticated Arbitrary File Read via SQLite Database Path

CVE-2022-35122 CRITICAL

Ecowitt GW1100 Series Firmware <= 2.1.5 - Unauthenticated Sensitive Information Exposure

CVE-2022-2765 MEDIUM

Company Website CMS 1.0 - Improper Authentication in Dashboard Settings

CVE-2022-2242 CRITICAL

KUKA SystemSoftware V/KSS < 8.6.5 - Unauthenticated Robot Configuration Read/Write

CVE-2022-35865 CRITICAL

BMC Track-It! 20.21.2.109 - Unauthenticated Remote Code Execution via HTTP Request Authorization Bypass

CVE-2022-30313 HIGH

Honeywell Experion PKS Safety Manager - Unauthenticated Critical Function Access

CVE-2022-36884 MEDIUM

Jenkins Git Plugin < 4.11.3 - Unauthenticated Information Disclosure via Webhook Endpoint

CVE-2022-36129 CRITICAL

HashiCorp Vault Enterprise <1.9.8, <1.10.5, <1.11.1 - Privilege Esc...

CVE-2022-30276 HIGH

Motorola MOSCAD and ACE IP Gateway Firmware - Unauthenticated Critical Function Access via IPGW Protocol

CVE-2022-29957 HIGH

Emerson DeltaV DCS < 2022-04-29 - Unauthenticated Critical Function Access

CVE-2022-29952 CRITICAL

Bently Nevada 3701/40, 3701/44, 3701/46, and 60m100 Firmware - Unauthenticated Critical Function Access via TDI Protocol

CVE-2022-29951 CRITICAL

JTEKT TOYOPUC PLCs - Unauthenticated Critical Function Access via CMPLink/TCP Protocol

CVE-2022-35871 HIGH

Inductive Automation Ignition 8.1.15 - RCE

CVE-2022-2138 HIGH

Advantech iView <= 5.7.04.6469 - Missing Authentication

CVE-2022-34767 MEDIUM

ALLNET WR0500AC Firmware - Unauthenticated Authorization Bypass via wizardpwd.asp

CVE-2022-20861 CRITICAL

Cisco Nexus Dashboard 1.1-2.2(1e) - Unauthenticated Remote Code Execution and Arbitrary File Read/Write

CVE-2022-20858 CRITICAL

Cisco Nexus Dashboard 2.0-2.2(1e) - Unauthenticated Remote Code Execution and Arbitrary File Read/Write

CVE-2022-20857 CRITICAL

Cisco Nexus Dashboard 1.0-2.2(1e) - Unauthenticated Remote Code Execution and Arbitrary File Read/Write

CVE-2022-2141 CRITICAL

MiCODUS MV720 GPS tracker - Command Injection

Previous Page 62 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy