Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-28937 HIGH

OpenClinic 0.8.2 - Unauthenticated Protected Health Information Exposure via /tests/ URI

CVE-2020-29389 CRITICAL

Crux Linux Docker <3.4 - Privilege Escalation

CVE-2020-29379 MEDIUM

V-SOL OLT Firmware - Unauthenticated Telnet Shell During Firmware Update

CVE-2020-29138 MEDIUM

SAGEMCOM F@ST3486 NET DOCSIS 3.0 NET_4.109.0 - Unauthenticated Configuration File Download via /backupsettings.conf

CVE-2020-29058 CRITICAL

Cdatatec 72408a Firmware - Missing Authentication

CVE-2020-27985 HIGH

Security Onion 2.0.0-2.3.9 - Unauthenticated Privilege Escalation via Sudo Configuration

CVE-2020-7561 CRITICAL

Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control

CVE-2020-3531 CRITICAL

Cisco IoT Field Network Director < 4.6.1 - Unauthenticated Back-End Database Access via REST API

CVE-2020-3392 HIGH

Cisco IoT Field Network Director < 4.6.1 - Unauthenticated Sensitive Information Exposure via API

CVE-2020-26824 CRITICAL

SAP Solution Manager <7.20 - Privilege Escalation

CVE-2020-26823 CRITICAL

SAP Solution Manager <7.20 - Privilege Escalation

CVE-2020-26822 CRITICAL

SAP Solution Manager <7.20 - Privilege Escalation

CVE-2020-26821 CRITICAL

SAP Solution Manager <7.20 - Privilege Escalation

CVE-2020-13927 CRITICAL KEV

Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API

CVE-2020-27019 MEDIUM

Trend Micro IMSVA 9.1 - Info Disclosure

CVE-2020-10291 HIGH

KUKA Visual Components Network License Server - Unauthenticated Sensitive Information Disclosure via UDP Port 5093

CVE-2020-7128 CRITICAL

Aruba Airwave Glass < 1.3.2 - Unauthenticated Remote Code Execution

CVE-2020-27986 HIGH

SonarQube 8.4.2.36762 - Unauthenticated Cleartext Credential Exposure via API Settings Endpoint

CVE-2020-25966 HIGH

Sectona Spectra < 3.4.0 - Unauthenticated Sensitive Information Disclosure via SOAP API Endpoint

CVE-2020-26649 HIGH

AtomXCMS 2.0 - Missing Authorization via admin/dump.php

CVE-2020-7370 MEDIUM

Bolt Browser < 1.4 - Address Bar Spoofing

CVE-2020-7369 MEDIUM

Yandex Browser < 20.8.4 - Address Bar Spoofing

CVE-2020-12500 CRITICAL

Pepperl+Fuchs P+F Comtrol - Auth Bypass

CVE-2020-25824 LOW

Telegram Desktop < 2.4.3 - Unauthenticated Data Export via Export Key

CVE-2020-15243 CRITICAL

Smartstore 4.0.0-4.0.1 - Improper Authentication via Web API Plugin

Previous Page 77 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy