Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,438 vulnerabilities with CWE-306

CVE-2022-24829 HIGH

Garden < 0.12.39 - Unauthenticated Information Disclosure via Dashboard API Endpoint

CVE-2022-24820 MEDIUM

XWiki Platform < 12.10.11 - Unauthenticated Exposure of Private Personal Information via Velocity Document Rendering

CVE-2022-1248 HIGH

SAP Information System 1.0 - Unauthenticated Admin Account Creation via add_admin.php

CVE-2022-25245 MEDIUM

Zoho ManageEngine ServiceDesk Plus < 13001 - Unauthenticated Information Disclosure

CVE-2022-0922 MEDIUM

Philips e-Alert Firmware < 2.7 - Missing Authentication for Critical Function

CVE-2022-25008 HIGH

totolink EX300_v2 and EX1200T Firmware - Missing Authentication for Critical Function

CVE-2022-23345 HIGH

BigAnt Server 5.6.06 - Missing Authentication for Critical Function

CVE-2022-26267 HIGH

Piwigo 12.2.0 - Information Disclosure via Maintenance Actions Endpoint

CVE-2022-22652 MEDIUM

iPadOS < 15.4 - Missing Authentication for GSMA Panel on Lock Screen

CVE-2022-26501 CRITICAL KEV

Veeam Backup & Replication <11.x - Info Disclosure

CVE-2022-25251 CRITICAL

PTC Axeda Agent and Desktop Server - Unauthenticated Configuration Access via XML Message

CVE-2022-25250 HIGH

PTC Axeda Agent and Desktop Server - Unauthenticated Denial of Service via Specific Port Command

CVE-2022-25247 CRITICAL

PTC Axeda Agent and Desktop Server - Unauthenticated Remote Code Execution

CVE-2022-25508 HIGH

FreeTAKServer < 1.9.8.5 - Unauthenticated Denial of Service via Route Creation

CVE-2022-26143 CRITICAL KEV

Mitel MiCollab - Information Disclosure & Denial of Service

CVE-2022-25922 MEDIUM

PLC4TRUCKS Firmware - Unauthenticated Diagnostic Function Access via J2497 Message Replay

CVE-2022-24396 HIGH

Simple Diagnostics Agent <1.57 - Info Disclosure

CVE-2022-20060 MEDIUM

Preloader (usb) - Privilege Escalation

CVE-2022-25359 CRITICAL

ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 - Unauthenticated Arbitrary File Write

CVE-2022-0188 MEDIUM

CMP WordPress <4.0.19 - Info Disclosure

CVE-2022-24111 MEDIUM

Mahara <21.04.3, <21.10.1 - Info Disclosure

CVE-2022-22809 MEDIUM

Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk < 2.6.2 - Unauthenticated Touch Configuration Modification

CVE-2022-21816 MEDIUM

NVIDIA vGPU < 2022 and Virtual GPU 8.0-8.10 - Denial of Service via GPU Interrupt Storm

CVE-2022-23945 HIGH

Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration

CVE-2022-23944 CRITICAL

Apache ShenYu <2.4.1 - Info Disclosure

Previous Page 65 of 98 Next

Details

Vulnerabilities 2,438

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy