Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,438 vulnerabilities with CWE-306

CVE-2021-26264 MEDIUM

Emerson DeltaV Distributed Control System - Denial of Service via Crafted Script

CVE-2021-34870 MEDIUM

NETGEAR XR1000 1.0.0.52_1.0.38 - Unauthenticated Sensitive Information Disclosure via SOAP Message Processing

CVE-2021-33843 MEDIUM

Fresenius Kabi Agilia SP MC WiFi <vD25 - Info Disclosure

CVE-2021-23843 HIGH

Bosch AMC2 Firmware - Unauthenticated Configuration Manipulation via AccessIPConfig/AmcIpConfig Tools

CVE-2021-35587 CRITICAL KEV

Oracle Fusion Middleware - OpenSSO Agent - Unauthenticated RCE

CVE-2021-28506 CRITICAL

Arista EOS 4.24.0-4.24.7m - Unauthenticated Factory Reset via gNOI API

CVE-2021-43974 MEDIUM

SysAid ITIL 20.4.74 b10 - Info Disclosure

CVE-2021-43832 CRITICAL

Spinnaker < 1.25.8 - Unauthenticated Pipeline Creation and Execution

CVE-2021-43333 MEDIUM

Datalogic DXU < 2.1.3 - Unauthenticated Configuration Change and Disclosure

CVE-2021-20161 MEDIUM

Trendnet TEW-827DRU Firmware 2.08B01 - Unauthenticated Root Shell Access via UART

CVE-2021-20158 CRITICAL

Trendnet TEW-827DRU Firmware 2.08B01 - Unauthenticated Admin Password Change via Hidden Command

CVE-2021-20152 MEDIUM

Trendnet TEW-827DRU Firmware 2.08B01 - Unauthenticated Access to BitTorrent Web Client

CVE-2021-20150 MEDIUM

Trendnet TEW-827DRU Firmware 2.08B01 - Unauthenticated Information Disclosure via Setup Wizard Redirection

CVE-2021-45232 CRITICAL

Apache APISIX Dashboard < 2.10.1 - Unauthenticated API Access via Gin Framework Bypass

CVE-2021-36780 HIGH

Longhorn < 1.1.3 - Unauthenticated Critical Function Access via Replica Instance

CVE-2021-36779 CRITICAL

Longhorn < 1.1.3 - Unauthenticated Arbitrary Binary Execution

CVE-2021-36888 CRITICAL

Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update

CVE-2021-22279 CRITICAL

ABB OmniCore C30 Firmware < 7.3.2 - Missing Authentication for Critical Function via Connected Services Gateway

CVE-2021-44152 CRITICAL

Reprise License Manager < 15.1 - Unauthenticated Password Change via /goform/change_password_process

CVE-2021-34543 HIGH

Solar-Log 500 < 2.8.2 - Unauthenticated Administrative Access

CVE-2021-38283 HIGH

Wipro Holmes Orchestrator <20.4.1 - Info Disclosure

CVE-2021-38147 HIGH

Wipro Holmes Orchestrator 20.4.1 - Info Disclosure

CVE-2021-44077 CRITICAL KEV

ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-42783 CRITICAL

D-Link DWR-932C E1 Firmware < 1.0.0.4 - Unauthenticated Administrative Action Execution via debug_post_set.cgi

CVE-2021-39233 CRITICAL

Apache Ozone < 1.2.0 - Unauthenticated Container Request Access

Previous Page 68 of 98 Next

Details

Vulnerabilities 2,438

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy