Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,438 vulnerabilities with CWE-306

CVE-2022-23220 HIGH

USBView < 2.2 - Unauthenticated Remote Code Execution via Polkit pkexec

CVE-2022-21691 MEDIUM

OnionShare < 2.5 - Unauthenticated Channel Leave Message Spoofing

CVE-2022-23227 CRITICAL KEV

NUUO NVRmini2 < 3.11.0 - Unauthenticated Arbitrary User Creation via handle_import_user.php

CVE-2021-47940 CRITICAL

WordPress Download From Files 1.48 Arbitrary File Upload

CVE-2021-47936 CRITICAL

OpenCATS 0.9.4 Remote Code Execution via Resume Upload

CVE-2021-47933 CRITICAL

WordPress MStore API 2.0.6 Arbitrary File Upload

CVE-2021-47891 CRITICAL

Unified Remote 3.9.0.2463 - Remote Code Execution via Crafted Network Packets

CVE-2021-47802 HIGH

Tenda D151 and D301 Firmware - Unauthenticated Configuration Download via getimage Endpoint

CVE-2021-47731 CRITICAL

Selea Targa IP OCR-ANPR Camera - Info Disclosure

CVE-2021-47727 MEDIUM

Selea Targa IP OCR-ANPR Camera - Info Disclosure

CVE-2021-47710 HIGH

COMMAX Smart Home System - Info Disclosure

CVE-2021-47709 HIGH

COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Unauthenticated Denial of Service via setconf Endpoint

CVE-2021-4469 HIGH

Denver SHO-110 - Unauthenticated Snapshot Access via Secondary HTTP Service

CVE-2021-4468 HIGH

PLANEX CS-QP50F-ING2 - Info Disclosure

CVE-2021-4461 CRITICAL

Seeyon Zhiyuan OA Web App <7.0 SP1 - Info Disclosure

CVE-2021-26280 HIGH

Locally Installed App - Privilege Escalation

CVE-2021-26278 MEDIUM

vivo Wifi - Unauthenticated Sensitive Information Exposure

CVE-2021-34983 MEDIUM

NETGEAR Multiple Routers - Unauthenticated Information Disclosure via httpd Service

CVE-2021-37234 MEDIUM

Modern Honey Network < 2021-10-30 - Unauthenticated Sensitive Information Exposure via Web API PUT Request

CVE-2021-43447 HIGH

ONLYOFFICE Server < 7.0.0.49 - Unauthenticated Document Editing via Access Control Bypass

CVE-2021-46852 HIGH

Memory Management Module - Info Disclosure

CVE-2021-36200 MEDIUM

Metasys ADS/ADX/OAS <10.1.6, <11.0.2 - Info Disclosure

CVE-2021-34538 HIGH

Apache Hive < 3.1.3 - Unauthenticated UDF Manipulation via CREATE and DROP Operations

CVE-2021-44222 CRITICAL

SIMATIC eaSie Core Package < 22.00 - Unauthenticated MQTT Service Request Injection

CVE-2021-26637 HIGH

SiHAS SGW-300, ACM-300, GCM-300 Firmware - Unauthenticated Remote Device Control

Previous Page 66 of 98 Next

Details

Vulnerabilities 2,438

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy