Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,439 vulnerabilities with CWE-306

CVE-2021-37415 CRITICAL KEV

Zoho ManageEngine ServiceDesk Plus < 11302 - Unauthenticated Authentication Bypass via REST-API URLs

CVE-2021-27668 MEDIUM

HashiCorp Vault Enterprise <1.6.2 - Info Disclosure

CVE-2021-33882 MEDIUM

B. Braun SpaceCom2 < 012U000062 - Unauthenticated Device Reconfiguration via Proprietary Networking Commands

CVE-2021-39144 HIGH KEV

XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization

CVE-2021-31868 MEDIUM

Rapid7 Nexpose < 6.6.96 - Authenticated Insecure Direct Object Reference in Legacy Ticketing Feature

CVE-2021-35936 MEDIUM

Apache Airflow < 2.1.2 - Info Disclosure

CVE-2021-37697 HIGH

tmerc-cogs < 3.0 - Unauthenticated Sensitive Information Exposure via Membership Event Message

CVE-2021-37696 HIGH

tmerc-cogs < 3.0 - Unauthenticated Sensitive Information Exposure via MassDM Message

CVE-2021-37843 CRITICAL

Atlassian SAML Single Sign-On < 2.5.9, < 3.5.6, < 3.6.6.1 - Unauthenticated Authentication Bypass

CVE-2021-32794 MEDIUM

ArchiSteamFarm < 5.1.2.4 - Improper Authentication via IPC Password Removal

CVE-2021-22784 MEDIUM

C-Bus Toolkit <1.15.8 - Auth Bypass

CVE-2021-22772 CRITICAL

Easergy T200 Firmware < SC2-04MOD-07000100 - Unauthenticated Critical Function Access

CVE-2021-36124 CRITICAL

Echo ShareCare <8.15.5 - Info Disclosure

CVE-2021-28809 CRITICAL

QNAP Hybrid Backup Sync < 3.0.210507 - Improper Access Control

CVE-2021-20474 HIGH

IBM Guardium Data Encryption <4.0.0.4 - DoS

CVE-2021-33221 CRITICAL

CommScope Ruckus IoT Controller <1.7.1.0 - Info Disclosure

CVE-2021-34621 CRITICAL

ProfilePress 3.0.0-3.1.3 - Unauthenticated Privilege Escalation via Registration

CVE-2021-20107 MEDIUM

Sloan Optima EAF/EBF Firmware - Unauthenticated BLE Interface Access

CVE-2021-35941 HIGH

Western Digital WD My Book Live - Auth Bypass

CVE-2021-31337 CRITICAL

SINAMICS SL150, SM150, and SM150i Firmware - Unauthenticated Telnet Access

CVE-2021-32709 MEDIUM

Shopware <6.4.1.1 - Info Disclosure

CVE-2021-33346 CRITICAL

D-LINK DSL-2888A - Privilege Escalation

CVE-2021-32700 CRITICAL

Ballerina <1.2.14 - Supply Chain Attack

CVE-2021-32659 MEDIUM

Matrix-appservice-bridge <2.6.0 - Info Disclosure

CVE-2021-32930 CRITICAL

Advantech iView < 5.7.03.6182 - Unauthenticated Arbitrary Code Execution

Previous Page 70 of 98 Next

Details

Vulnerabilities 2,439

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy