Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,439 vulnerabilities with CWE-306

CVE-2021-39233 CRITICAL

Apache Ozone < 1.2.0 - Unauthenticated Container Request Access

CVE-2021-41266 HIGH

Minio Console < 0.12.3 - Authentication Bypass via External IDP Misconfiguration

CVE-2021-20136 CRITICAL

ManageEngine Log360 < 5235 - Unauthenticated Database Configuration Overwrite and Remote Code Execution

CVE-2021-33259 MEDIUM

D-Link DIR-868LW 1.12b - Info Disclosure

CVE-2021-41157 MEDIUM

FreeSWITCH < 1.10.6 - Unauthenticated SIP SUBSCRIBE Event Notification Access

CVE-2021-37624 HIGH

FreeSWITCH < 1.10.7 - Unauthenticated SIP MESSAGE Spoofing and Spam

CVE-2021-42539 HIGH

Emerson Wireless 1410/1410D/1420 Gateway Firmware < 4.7.94 - Unauthenticated Account Takeover via Backup Restore

CVE-2021-38457 CRITICAL

versiondog < 8.0.0 - Unauthenticated Improper Access Control

CVE-2021-27395 HIGH

SIMATIC Process Historian <2013-2020 - Info Disclosure

CVE-2021-41976 MEDIUM

tad_uploader < 3.5.4 - Unauthenticated Authorization Bypass in Edit Book List Function

CVE-2021-41975 HIGH

TadTools < 3.2.2 - Unauthenticated Arbitrary File Deletion via Special Page Parameter

CVE-2021-41974 CRITICAL

Tad Book3 < 3.9 - Unauthenticated Arbitrary Book Content Modification

CVE-2021-41568 MEDIUM

Tad Web < 1.76 - Unauthenticated Authorization Bypass

CVE-2021-35979 HIGH

Digi RealPort <4.8.488.0 - Info Disclosure

CVE-2021-23858 HIGH

Bosch Rexroth IndraMotion MLC and IndraControl XLC Firmware < 12 - Unauthenticated Information Disclosure via Web Server

CVE-2021-39879 LOW

GitLab 7.11.0-14.1.7 - Missing Authentication for Two-Factor Disabling

CVE-2021-3825 CRITICAL

LiderAhenk <2.1.15 - Info Disclosure

CVE-2021-41104 HIGH

ESPHome < 2021.9.2 - Unauthenticated Over-the-Air Update via Web Server

CVE-2021-22012 HIGH

VMware Cloud Foundation 3.0-5.0 and vCenter Server - Unauthenticated Information Disclosure via Appliance Management API

CVE-2021-37420 MEDIUM

ManageEngine ADSelfService Plus < 6112 - Unauthenticated Mail Spoofing

CVE-2021-38412 CRITICAL

Digi PortServer TS 16 Rack - Info Disclosure

CVE-2021-33543 CRITICAL

Multiple Camera Devices - Info Disclosure

CVE-2021-28913 CRITICAL

BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated SSH Root Access via Hardcoded Passphrase Exposure

CVE-2021-38540 CRITICAL

Airflow >=2.0.0-<2.1.3 - RCE/Info Disclosure

CVE-2021-32800 HIGH

Nextcloud <20.0.12-22.1.0 - Auth Bypass

Previous Page 69 of 98 Next

Details

Vulnerabilities 2,439

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy