Weaknesses of type CWE-306
1,715 results

CVE-2023-24934 | MEDIUM | Microsoft Defender Security Feature Bypass Vulnerability | EPSS 0.5%
CVE-2025-8350 | CRITICAL | Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS | EPSS 0.5%
CVE-2025-70141 | CRITICAL | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enfo | EPSS 0.5%
CVE-2026-35053 | CRITICAL | OneUptime: Unauthenticated Workflow Execution via ManualAPI | EPSS 0.5%
CVE-2024-7940 | HIGH | The product exposes a service that is intended for local only to all network interfaces without any authentication. | EPSS 0.5%
CVE-2026-40620 | CRITICAL | SenseLive X3050 Missing authentication for critical function | EPSS 0.5%
CVE-2026-43920 | MEDIUM | FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution | EPSS 0.5%
CVE-2026-31071 | CRITICAL | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers ca | EPSS 0.5%
CVE-2025-8558 | LOW | Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated u | EPSS 0.5%
CVE-2026-42074 | CRITICAL | OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input | EPSS 0.5%
CVE-2026-30933 | HIGH | FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info | EPSS 0.5%
CVE-2026-7415 | CRITICAL | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | EPSS 0.5%
CVE-2026-49973 | CRITICAL | Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings | EPSS 0.5%
CVE-2022-35136 | MEDIUM | Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | EPSS 0.5%
CVE-2023-40170 | MEDIUM | cross-site inclusion (XSSI) of files in jupyter-server | EPSS 0.5%
CVE-2024-50381 | HIGH | Missing Authentication for Critical Function in Snap One OVRC cloud | EPSS 0.5%
CVE-2020-36873 | HIGH | Astak CM-818T3 Unauthenticated Configuration Disclosure | EPSS 0.5%
CVE-2022-20861 | CRITICAL | Cisco Nexus Dashboard Unauthorized Access Vulnerabilities | EPSS 0.5%
CVE-2024-8530 | MEDIUM | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generat | EPSS 0.5%
CVE-2026-26944 | HIGH | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13 | EPSS 0.5%