Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-20627 MEDIUM

GiveWP < 2.5.9 - Unauthenticated Settings Change via Admin Actions

CVE-2020-15483 MEDIUM

Niscomed M1000 Multipara Patient Monitor Firmware - Unauthenticated Root Shell via UART Debug Port

CVE-2020-9062 MEDIUM

Diebold Nixdorf ProCash 2100xe USB ATMs - Info Disclosure

CVE-2020-10124 HIGH

NCR SelfServ ATMs APTRA XFS 05.01.00 - Code Injection

CVE-2020-24051 CRITICAL

Moog EXO Series - Privilege Escalation

CVE-2020-3448 MEDIUM

Cisco Cyber Vision Center Software - Auth Bypass

CVE-2020-17475 HIGH

MEGVII Koala 2.9.1-c3s - Info Disclosure

CVE-2020-12106 CRITICAL

VPNCrypt M10 2.6.5 - Unauthenticated Administrative Function Access via Web Portal

CVE-2020-6309 HIGH

SAP NetWeaver AS JAVA - Unauthenticated Denial of Service via Web Service

CVE-2020-6294 CRITICAL

SAP Business Objects Business Intelligence Platform <4.3 - Auth Bypass

CVE-2020-16167 CRITICAL

Robotemi Launcher OS < 13146 - Missing Authentication

CVE-2020-15136 MEDIUM

ectd <3.4.10, <3.3.23 - Info Disclosure

CVE-2020-15127 HIGH

Contour < 1.7.0 - Unauthenticated Denial of Service via Envoy Shutdown Endpoint

CVE-2020-3461 MEDIUM

Cisco Data Center Network Manager < 11.4(1) - Unauthenticated Information Disclosure via Web Interface

CVE-2020-3376 HIGH

Cisco Data Center Network Manager - Unauthenticated Authentication Bypass via Hosted URLs

CVE-2020-2076 CRITICAL

SICK Package Analytics <= 04.0.0 - Unauthenticated Authentication Bypass via REST API

CVE-2020-15391 CRITICAL

DevSpace < 4.14.0 - Unauthenticated Remote Code Execution via WebSocket Protocol

CVE-2020-10921 CRITICAL

C-MORE HMI EA9 Firmware <6.52 - RCE

CVE-2020-10920 CRITICAL

C-MORE HMI EA9 Firmware <6.52 - RCE

CVE-2020-15894 HIGH

D-Link DIR-816L Firmware 2.x - Unauthenticated Sensitive Information Exposure via getcfg.php DEVICE.ACCOUNT

CVE-2020-12028 HIGH

FactoryTalk View SE - Authenticated Remote Code Execution via Unrestricted Data Handler

CVE-2020-10605 HIGH

Grundfos CIM 500 <6.16.00 - Info Disclosure

CVE-2020-13405 HIGH

Microweber <1.1.20 - Info Disclosure

CVE-2020-14501 CRITICAL

Advantech iView < 5.6 - Unauthenticated Information Disclosure and Account Deletion

CVE-2020-5373 MEDIUM

Dell EMC OpenManage Integration for Microsoft System Center < 7.2.1 - Unauthenticated Information Disclosure

Previous Page 79 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy