Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-34279 CRITICAL

Oracle Enterprise Manager Base Platform 13.5 - Privilege Escalation

CVE-2026-34275 CRITICAL

Oracle Advanced Inbound Telephony 12.2.3-12.2.15 - Product Takeover

CVE-2026-34266 MEDIUM

Oracle PeopleSoft Enterprise HCM Absence Management 9.2 - Privilege Escalation

CVE-2026-40884 CRITICAL

goshs: Empty-username SFTP password authentication bypass in goshs

CVE-2026-40050 CRITICAL

CrowdStrike LogScale Unauthenticated Path Traversal

CVE-2026-24177 HIGH

NVIDIA KAI Scheduler < 0.13.0 - Unauthenticated Information Disclosure via API Endpoints

CVE-2026-41039 HIGH

Information Disclosure Vulnerability in Quantum Networks Router QN-I-470

CVE-2026-34839 MEDIUM

Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

CVE-2026-26944 HIGH

Dell PowerProtect Data Domain 7.7.1.0-8.6 - Auth Bypass

CVE-2026-25058 HIGH

Vexa's unauthenticated internal transcript endpoint exposed by default

CVE-2026-6369 MEDIUM

Exposed Session Token in canonical-livepatch client snap

CVE-2026-32962 MEDIUM

silex technology SD-330AC <=Ver.1.42 - Auth Bypass

CVE-2026-32957 MEDIUM

silex technology SD-330AC <=Ver.1.42 - Auth Bypass

CVE-2026-6588 MEDIUM

serge-chat serge Model API Endpoint model.py delete_model missing authentication

CVE-2026-6582 HIGH

TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication

CVE-2026-6579 MEDIUM

liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

CVE-2026-6577 HIGH

liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication

CVE-2026-40461 HIGH

Anviz Products Missing Authentication for Critical Function

CVE-2026-35546 CRITICAL

Anviz Products Missing Authentication for Critical Function

CVE-2026-6348 HIGH

Simopro Technology｜WinMatrix - Missing Authentication

CVE-2026-34160 HIGH

Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services

CVE-2026-33715 HIGH

Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action

CVE-2026-26160 HIGH

Remote Desktop Licensing Service Elevation of Privilege Vulnerability

CVE-2026-26159 HIGH

Remote Desktop Licensing Service Elevation of Privilege Vulnerability

CVE-2026-40289 CRITICAL

PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Previous Page 7 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy