Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306

CVE-2022-28809 HIGH

Open Design Alliance Drawings SDK <2023.3 - RCE

CVE-2022-31260 MEDIUM

Montala ResourceSpace <9.8 - Info Disclosure

CVE-2022-28771 HIGH

SAP Business One License service API <10.0 - Unauthenticated RCE

CVE-2022-33138 HIGH

SIMATIC MV540-560 <V3.3 - Info Disclosure

CVE-2022-23719 HIGH

PingID Windows Login < 2.8 - Unauthenticated Spoofing via Local Java Service

CVE-2022-31266 MEDIUM

ILIAS < 7.10 - Unauthenticated Account Takeover via Email Change

CVE-2022-29270 MEDIUM

Nagios XI <= 5.8.5 - Unauthenticated Email Address Change

CVE-2022-1521 CRITICAL

Illumina Local Run Manager 1.3-3.1 - Unauthenticated Improper Access Control

CVE-2022-21952 HIGH

SUSE Manager Server <4.1.46, <4.2.37 - DoS

CVE-2022-24562 CRITICAL

IOBit IOTransfer 4.3.1.1561 - Unauthenticated Arbitrary File Read/Write via Airserv API

CVE-2022-32157 HIGH

Splunk < 9.0 - Unauthenticated Forwarder Bundle Download

CVE-2022-32557 HIGH

Couchbase Server 4.0.0-7.0.3 - Unauthenticated Index Service Access

CVE-2022-32251 HIGH

SINEMA Remote Connect Server < 3.1 - Unauthenticated Privilege Escalation via User Role Modification

CVE-2022-30230 CRITICAL

SICAM GridEdge Essential < 2.6.6 - Unauthenticated Privileged Function Access

CVE-2022-30229 HIGH

SICAM GridEdge Essential < 2.6.6 - Unauthenticated Privileged Function Access

CVE-2022-29226 CRITICAL

Envoy < 1.22.1 - Missing Authentication for Critical Function in OAuth Filter

CVE-2022-1598 MEDIUM

WPQA Builder < 5.4 - Unauthenticated Private Question Disclosure via REST API Endpoint

CVE-2022-31461 HIGH

Owl Labs Meeting Owl <5.2.0.15 - Code Injection

CVE-2022-26971 MEDIUM

Barco Control Room Management Suite <3.14 - Info Disclosure

CVE-2022-31022 MEDIUM

Bleve < 2.5.0 - Unauthenticated Arbitrary Directory Creation and Deletion via HTTP Handlers

CVE-2022-22576 HIGH

curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse

CVE-2022-27169 HIGH

OAS Platform V16.00.0112 - Information Disclosure via SecureBrowseFile Functionality

CVE-2022-26833 CRITICAL

Open Automation Software OAS Platform 16.00.0121 - Auth Bypass

CVE-2022-26303 HIGH

Open Automation Software OAS Platform <16.00.0112 - Info Disclosure

CVE-2022-26082 CRITICAL

Open Automation Software OAS Platform <16.00.0112 - RCE

Previous Page 63 of 98 Next

Details

Vulnerabilities 2,436

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy