Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-4810 CRITICAL

Remote Code Execution in Google Agent Development Kit (ADK)

CVE-2026-6129 HIGH

zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication

CVE-2026-6126 HIGH

zhayujie chatgpt-on-wechat CowAgent Administrative HTTP Endpoint missing authentication

CVE-2026-5724 MEDIUM

Missing Authentication on Streaming gRPC Replication Endpoint

CVE-2026-40184 LOW

Unauthenticated Access to Uploaded Files in TREK

CVE-2026-5777 HIGH

Security Misconfiguration Vulnerability in Atom 3x Projector

CVE-2026-39848 MEDIUM

Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation

CVE-2026-33788 HIGH

Junos OS Evolved: Local, authenticated attacker can gain privileged access to FPCs

CVE-2026-4436 HIGH

GPL Odorizers GPL750 Missing Authentication for Critical Function

CVE-2026-39987 CRITICAL KEV

marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

CVE-2026-39393 HIGH

Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms

CVE-2026-5300 MEDIUM

Missing Authentication for Critical Function in coolercontrold

CVE-2026-39363 HIGH

Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket

CVE-2026-35584 MEDIUM

FreeScout <1.8.212 Open Tracking Endpoint - Insecure Direct Object Reference

CVE-2026-35523 HIGH

Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

CVE-2026-22679 CRITICAL

Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

CVE-2026-1900 MEDIUM

Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update

CVE-2026-35450 MEDIUM

WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

CVE-2026-5676 HIGH

Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication

CVE-2026-26027 HIGH

GLPI 11.0.0-11.0.5 Inventory - Unauthenticated Stored Cross-Site Scripting

CVE-2026-5632 HIGH

assafelovic gpt-researcher HTTP REST API Endpoint missing authentication

CVE-2026-5616 HIGH

JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

CVE-2026-4272 HIGH

Honeywell Barcode Scanners - Auth Bypass

CVE-2026-34952 CRITICAL

PraisonAI: Missing Authentication in WebSocket Gateway

CVE-2026-32646 HIGH

Gardyn Cloud API Missing Authentication for Critical Function

Previous Page 8 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy