Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-14479 MEDIUM

Ignition 7.0.0-7.9.13 - Unauthenticated Sensitive Information Exposure via Serialized Data Handling

CVE-2020-10640 CRITICAL

Emerson OpenEnterprise <3.3.4 - Command Injection

CVE-2020-25566 CRITICAL

SapphireIMS 5.0 - Unauthenticated Account Takeover via Save_Password Form

CVE-2020-25563 CRITICAL

SapphireIMS 5.0 - Unauthenticated Remote Command Execution via RemoteMgmtTaskSave

CVE-2020-36239 CRITICAL

Atlassian Jira Data Center < 8.5.16 - Missing Authorization

CVE-2020-7389 MEDIUM

Sage Syracuse 9.0-9.22.7.2 - Authenticated OS Command Injection via CHAINE Variable

CVE-2020-21936 MEDIUM

Motorola CX2 Firmware - Unauthenticated Information Disclosure via HNAP1/GetMultipleHNAPs

CVE-2020-21934 HIGH

Motorola CX2 Firmware CX 1.0.2 Build 20190508 Rel.97360n - Unauthenticated Syslog Download

CVE-2020-20472 MEDIUM

White Shark System 1.3.2 - Unauthenticated Sensitive Information Disclosure via if_get_addbook.php

CVE-2020-25634 MEDIUM

Red Hat 3scale < 2.10.0 - Unauthenticated Sensitive Information Exposure via API Docs URL

CVE-2020-25697 HIGH

X.org X Server - Missing Authentication for Critical Function

CVE-2020-4670 CRITICAL

IBM Planning Analytics Local 2.0 - Unauthenticated Redis Server Access

CVE-2020-36125 HIGH

Pax Technology PAXSTORE < 7.0.8_20200511171508 - Authenticated Incorrect Access Control via Direct Endpoint Request

CVE-2020-36333 CRITICAL

themegrill_demo_importer < 1.6.2 - Unauthenticated Database Wipe via reset_wizard_actions Hook

CVE-2020-35758 CRITICAL

Librewireless Ls9 Firmware - Missing Authentication

CVE-2020-35757 CRITICAL

Librewireless Ls9 Firmware - Missing Authentication

CVE-2020-35756 HIGH

Librewireless Ls9 Firmware - Missing Authentication

CVE-2020-35755 HIGH

Librewireless Ls9 Firmware - Missing Authentication

CVE-2020-21997 HIGH

Smartwares HOME easy <=1.0.9 - Unauthenticated Database Backup Download and Information Disclosure

CVE-2020-21996 HIGH

AVE DOMINAplus <=1.10.x - Unauthenticated Denial of Service via Reboot Command Execution

CVE-2020-17517 HIGH

Apache Ozone <1.1.0 - Info Disclosure

CVE-2020-15078 HIGH

OpenVPN < 2.4.11 - Authentication Bypass via Deferred Authentication

CVE-2020-25218 CRITICAL

Grandstream GRP261x Firmware 1.0.3.6 - Unauthenticated Authentication Bypass in Administrative Web Interface

CVE-2020-28899 CRITICAL

ZyXEL LTE4506-M606 Firmware < v1.00(ABDO.6)C0 - Unauthenticated Remote Command Execution via CGI Script

CVE-2020-35226 HIGH

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Unauthenticated DHCP Configuration Modification

Previous Page 74 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy