Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-17505 HIGH

D-Link DAP-1320 A2-V1.21 - Unauthenticated Information Disclosure via uplink_info.xml

CVE-2019-9529 MEDIUM

Cobham EXPLORER 710 - Info Disclosure

CVE-2019-15018 HIGH

Zingbox Inspector < 1.280 - Unauthenticated Tenant Binding

CVE-2019-17354 CRITICAL

Zyxel NBG-418N v2 Firmware V1.00(AARP.9)C0 - Unauthenticated Information Disclosure and Data Modification via wan.htm

CVE-2019-17353 HIGH

D-Link DIR-615 Firmware 20.05 and 20.07 - Unauthenticated Information Disclosure and Data Modification via wan.htm

CVE-2019-0379 MEDIUM

SAP Process Integration 1.0, 2.0 - Missing Authentication for Critical Function

CVE-2019-17186 HIGH

FiberHome HG2201T 1.00.M5007_JS_201804 - Unauthenticated Remote Code Execution via telnet.cgi

CVE-2019-17232 HIGH

Ultimate FAQ < 1.8.24 - Unauthenticated Options Import via EWD_UFAQ_Import.php

CVE-2019-17219 HIGH

V-Zug Combi-Steam MSLQ Firmware < ethernet_r07 - Unauthenticated Network Access

CVE-2019-8292 MEDIUM

Online Store System v1.0 - Unauthenticated Arbitrary Product Deletion via delete_product.php

CVE-2019-15940 CRITICAL

Victure PC530 - Unauthenticated Root Access

CVE-2019-13523 MEDIUM

Honeywell Performance IP Cameras and NVRs - Unauthenticated Information Disclosure via Web Configuration Endpoint

CVE-2019-15068 CRITICAL

Gigastone Smart Battery A4 Firmware <= r1.7.9 - Unauthenticated Administrator Password Reset

CVE-2019-6652 MEDIUM

F5 BIG-IQ Centralized Management 6.0.0-6.1.0 - Unauthenticated Cleartext Transmission of Sensitive Information

CVE-2019-5504 CRITICAL

ONTAP Select Deploy administration utility 2.12 & 2.12.1 - Unauthenticated Administrative Access via HTTP Service

CVE-2019-14253 MEDIUM

Publisure 2.1.2 - Unauthenticated Authentication Bypass via Servlet Controller

CVE-2019-16199 CRITICAL

eQ-3 Homematic CCU2 <2.47.18 & CCU3 <3.47.18 - RCE

CVE-2019-8449 MEDIUM

Jira < 8.4.0 - Information Disclosure via Group User Picker Endpoint

CVE-2019-11496 CRITICAL

Couchbase Server <5.0 - Info Disclosure

CVE-2019-11466 MEDIUM

Couchbase Server <6.0.1 - Info Disclosure

CVE-2019-12105 HIGH

Supervisor <4.0.2 - Info Disclosure

CVE-2019-15896 CRITICAL

LifterLMS <3.34.5 - Privilege Escalation

CVE-2019-15895 HIGH

WordPress Search Exclude <1.2.4 - Unauthenticated Options Change

CVE-2019-10668 CRITICAL

LibreNMS < 1.47 - Unauthenticated Sensitive Information Disclosure

CVE-2019-15102 CRITICAL

Sahi Pro 6.0.0-8.0.0 - Unauthenticated Remote Code Execution via TestRunner Endpoint

Previous Page 88 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy