Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-26567 MEDIUM

D-Link DSR-250N < 3.17b - Unauthenticated Denial of Service via upgradeStatusReboot.cgi

CVE-2020-3598 MEDIUM

Cisco Vision Dynamic Signage Director - Unauthenticated Access to Confidential Info and Config Changes

CVE-2020-26876 HIGH

WordPress wp-courses <2.0.27 - Auth Bypass

CVE-2020-26599 MEDIUM

Samsung Android Q(10.0) - Unauthenticated DynamicLockscreen Terms Acceptance

CVE-2020-24217 CRITICAL

HiSilicon Video Encoder Firmware - Unauthenticated Arbitrary Code Execution via Firmware Upload

CVE-2020-6875 CRITICAL

ZTE ZXONE 19700 SNPE Firmware - Unauthenticated Access Control Bypass

CVE-2020-26061 HIGH

ClickStudios Passwordstate < 8.5 - Unauthenticated Authentication Bypass via ResetPassword Function

CVE-2020-12127 HIGH

WAVLINK WN530H4 M30H4.V5030.190403 - Unauthenticated Information Disclosure via ExportAllSettings.sh Endpoint

CVE-2020-9487 HIGH

Apache NiFi 1.0.0-1.11.4 - Unauthenticated Denial of Service via Download Token Flooding

CVE-2020-19670 MEDIUM

Niushop B2B2C Multi-Business Basic Edition V1.11 - Unauthenticated Password Reset

CVE-2020-12506 CRITICAL

WAGO 750-8XX Series < FW03 - Unauthenticated Settings Modification

CVE-2020-12505 HIGH

WAGO 750-8XX series <= FW07 - Auth Bypass

CVE-2020-25747 CRITICAL

Rubetek RV-3406, RV-3409, and RV-3411 Firmware v339, v342 - Unauthenticated Access to RTSP and ONFIV Services

CVE-2020-15851 CRITICAL

Nakivo Backup & Replication Transporter 9.4.0.r43656 - Unauthenticated Remote Access to Backup Repositories

CVE-2020-11856 CRITICAL

Micro Focus Operation Bridge Reporter < 10.40 - Remote Code Execution

CVE-2020-3977 MEDIUM

VMware Horizon DaaS 7.x-8.x < 8.0.1 - Authenticated Two-Factor Authentication Bypass

CVE-2020-23512 CRITICAL

VR CAM P1 Model P1 v1 - Info Disclosure

CVE-2020-16098 CRITICAL

Gallagher Command Centre < 8.00.1228 - Missing Authentication

CVE-2020-13289 MEDIUM

GitLab <13.1.10-13.3.4 - Info Disclosure

CVE-2020-13920 MEDIUM

Apache ActiveMQ < 5.15.12 - Unauthenticated JMX RMI Registry Manipulation

CVE-2020-5780 MEDIUM

Icegram Email Subscribers & Newsletters <4.5.6 - Info Disclosure

CVE-2020-11579 HIGH

Chadha PHPKB 9.0 Enterprise Edition - Unauthenticated Local File Disclosure via Installer Test Connection

CVE-2020-12621 MEDIUM

Teamwire app <5.3.0 - Info Disclosure

CVE-2020-25048 MEDIUM

Samsung Android Q with ONEUI 2.1 - Unauthenticated File Injection via Quick Share

CVE-2020-24363 HIGH KEV

TP-Link TL-WA855RE V5 - Privilege Escalation

Previous Page 78 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy