Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,343 vulnerabilities with CWE-306

CVE-2026-28767 MEDIUM

Gardyn Cloud API Missing Authentication for Critical Function

CVE-2026-28766 CRITICAL

Gardyn Cloud API Missing Authentication for Critical Function

CVE-2026-0545 CRITICAL

Missing Authentication for Critical Function in mlflow/mlflow

CVE-2026-32211 CRITICAL

Azure MCP Server Information Disclosure Vulnerability

CVE-2026-35053 CRITICAL

OneUptime: Unauthenticated Workflow Execution via ManualAPI

CVE-2026-34758 CRITICAL

OneUptime: Missing Authentication on Notification Endpoints

CVE-2026-33951 HIGH

signalk-server: Unauthenticated Source Priorities Manipulation

CVE-2026-29132 HIGH

SEPPmail Secure Email Gateway - ESWmail-Verify Bypass

CVE-2026-5320 HIGH

vanna-ai vanna Chat API Endpoint v2 missing authentication

CVE-2026-21767 MEDIUM

HCL BigFix Platform is affected by insufficient authentication

CVE-2026-34072 HIGH

cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution

CVE-2026-34999 MEDIUM

OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access

CVE-2026-4370 CRITICAL

Improper TLS Client/Server authentication and certificate verification on Database Cluster

CVE-2026-34732 MEDIUM

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

CVE-2026-34731 HIGH

AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

CVE-2026-1579 CRITICAL

PX4 Autopilot Missing authentication for critical function

CVE-2026-3356 CRITICAL

Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

CVE-2026-34227 HIGH

Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

CVE-2026-34200 HIGH

Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

CVE-2026-34162 CRITICAL

FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

CVE-2026-33032 CRITICAL

Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

CVE-2026-34472 HIGH

ZTE ZXHN H188A V6.0.10P2_TE/V6.0.10P3N3_TE - Info Disclosure

CVE-2026-5000 HIGH

PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication

CVE-2026-34411 MEDIUM

Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

CVE-2026-4959 HIGH

OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication

Previous Page 9 of 94 Next

Details

Vulnerabilities 2,343

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy