Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-18980 HIGH

Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb - Info ...

CVE-2019-18939 CRITICAL

HM-Print AddOn through 1.2a - Unauthenticated Remote Code Execution via TCL Script Execution in exec.cgi and exec1.cgi

CVE-2019-18938 CRITICAL

eQ-3 Homematic CCU2/CCU3 <2.47.20/<3.47.18 - Remote Code Execution

CVE-2019-18937 CRITICAL

eQ-3 Homematic CCU2/CCU3 <2.47.20/<3.47.18 - Remote Code Execution

CVE-2019-18925 CRITICAL

Systematic IRIS WebForms 5.4 - Info Disclosure

CVE-2019-17235 MEDIUM

igniteup < 3.4 - Unauthenticated Information Disclosure via Coming Soon Creator Class

CVE-2019-17234 HIGH

igniteup < 3.4 - Unauthenticated Arbitrary File Deletion via class-coming-soon-creator.php

CVE-2019-5644 CRITICAL

Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated Improper Access Control

CVE-2019-5643 MEDIUM

Computing For Good's Basic Laboratory Information System < 3.5 - Unauthenticated User and Facility Name Enumeration

CVE-2019-5617 CRITICAL

Computing For Good's Basic Laboratory Information System < 3.4 - Unauthenticated Administrator Password Change

CVE-2019-18230 HIGH

Honeywell equIP and Performance Series IP Cameras - Unauthenticated Audio Streaming Access

CVE-2019-16907 MEDIUM

Infosysta In-App & Desktop Notifications 1.6.13_J8 - Unauthenticated User Enumeration via UserFilter Endpoint

CVE-2019-16906 HIGH

Infosysta In-App & Desktop Notifications 1.6.13_J8 - Unauthenticated Authorization Bypass via Push Notification Endpoint

CVE-2019-13547 CRITICAL

Advantech WISE-PaaS/RMM <3.3.29 - Info Disclosure

CVE-2019-18465 CRITICAL

MOVEit Transfer <11.1.3 - Auth Bypass

CVE-2019-3978 HIGH

MikroTik RouterOS < 6.44.5 and < 6.45.6 - Unauthenticated DNS Cache Poisoning via Port 8291

CVE-2019-14927 HIGH

Mitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Unauthenticated Sensitive Configuration Download

CVE-2019-13549 HIGH

Rittal Chiller SK 3232-Series - Auth Bypass

CVE-2019-13525 MEDIUM

Honeywell IP-AK2 Firmware < 1.04.07 - Unauthenticated Web Configuration Data Exposure

CVE-2019-15064 CRITICAL

HiNet GPON Firmware < I040GWR190731 - Unauthenticated Device Login

CVE-2019-17512 CRITICAL

D-Link DIR-412 A1-1.14WW - Unauthenticated Log Clearing via log_clear.php

CVE-2019-15282 MEDIUM

Cisco Identity Services Engine Software - Unauthenticated Information Disclosure via Web Interface

CVE-2019-17511 HIGH

D-Link DIR-412 A1-1.14WW - Unauthenticated Information Disclosure via log_get.php

CVE-2019-17532 HIGH

Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS - Denial of Service via Crafted StoreRules Request

CVE-2019-17506 CRITICAL

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 - Unauthenticated Information Disclosure via getcfg.php

Previous Page 87 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy