Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-9004 HIGH

Wowza Streaming Engine < 4.8.0 - Authenticated Authorization Bypass via Administration Panel

CVE-2020-11673 CRITICAL

Responsive Poll < 1.3.4 - Unauthenticated Poll Manipulation via wp_ajax_nopriv Callback

CVE-2020-3952 CRITICAL KEV

VMware vCenter Server vmdir Information Disclosure

CVE-2020-10625 CRITICAL

Advantech WebAccess/NMS < 3.0.2 - Unauthenticated Admin Account Creation

CVE-2020-10263 MEDIUM

XIAOMI XIAOAI Speaker Pro LX06 1.52.4 - Unauthenticated Root Shell Access via UART Interface

CVE-2020-11599 HIGH

CIPAce 6.80-9.1 - Unauthenticated Credential Exposure via GetDistributedPOP3

CVE-2020-11598 CRITICAL

CIPPlanner CIPAce < 9.1 - Unauthenticated Remote Code Execution via Upload.ashx

CVE-2020-9473 MEDIUM

Siedle SG 150-0 Firmware < 1.2.4 - Unauthenticated Root Access via Passwordless FTP/SSH User

CVE-2020-10265 CRITICAL

Universal Robots ur_software 3.0.14989-3.3.3.292 - Unauthenticated Access to DashBoard Server

CVE-2020-10264 HIGH

Universal Robots ur_software 3.0.14989-3.3.3.292 - Unauthenticated Robot Data Exposure via RTDE Interface

CVE-2020-11547 MEDIUM

PRTG Network Monitor < 20.1.57.1745 - Unauthenticated Information Disclosure via login.htm or index.htm

CVE-2020-9349 HIGH

CACAGOO TV-288ZD-2MP Firmware 3.4.2.0919 - Unauthenticated RTSP Service Access

CVE-2020-8509 HIGH

Zoho ManageEngine Desktop Central <10.0.483 - Info Disclosure

CVE-2020-3920 HIGH

UltraLog Express Firmware - Unauthenticated Privileged Account Management via System Directory

CVE-2020-10965 HIGH

Teradici PCoIP Management Console <20.01.0, 19.11.1 - Auth Bypass

CVE-2020-10833 HIGH

Samsung Android Q(10.0) - Unauthenticated Lockscreen Bypass via DeX Quick Panel

CVE-2020-10874 HIGH

Motorola FX9500 - Unauthenticated Database File Read

CVE-2020-7479 HIGH

Schneider-electric Interactive Graphi... - Missing Authentication

CVE-2020-8497 MEDIUM

Artica Pandora FMS <7.42 - Info Disclosure

CVE-2020-9325 HIGH

Aquaforest TIFF Server 4.0 - Unauthenticated Arbitrary File Download via Path Traversal

CVE-2020-8598 CRITICAL

Trend Micro Apex One, OfficeScan XG, Worry-Free Business Security 9.0-10.0 - Unauthenticated Remote Code Execution

CVE-2020-10079 MEDIUM

GitLab 7.10.0-12.8.1 - Missing Authentication for Critical Function

CVE-2020-6207 CRITICAL KEV

SAP Solution Manager 7.2 - Auth Bypass

CVE-2020-6198 CRITICAL

SAP Solution Manager <720 - Unauthenticated RCE

CVE-2020-0052 MEDIUM

Android 10 - Unauthenticated SMS Sending via Lock Screen Permissions Bypass

Previous Page 82 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy