Weaknesses of type CWE-306

1,720 results
CVE-2025-30035CRITICALLack of API authentication allowing session generation for any userEPSS 0.2%CVE-2025-14038HIGHEDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an atEPSS 0.2%CVE-2024-39364HIGHAdvantech ADAM-5630 Missing Authentication for Critical FunctionEPSS 0.2%CVE-2023-6215HIGHHP Sure Start IFD Protection - BIOS Security UpdateEPSS 0.2%CVE-2024-53701LOWMultiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to bEPSS 0.2%CVE-2021-26278MEDIUMSensitive information leakage vulnerability in wifi moduleEPSS 0.2%CVE-2021-21535HIGHDell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attEPSS 0.2%CVE-2025-5719MEDIUMThe wallet has an authentication bypass vulnerability that allows access to specific pages.EPSS 0.2%CVE-2025-48397HIGHThe privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed iEPSS 0.2%CVE-2025-47870MEDIUMTeam invite ID leaked to team admin with no member invite privilegesEPSS 0.2%CVE-2026-22727HIGHCloud Foundry unprotected internal endpointsEPSS 0.2%CVE-2023-47232MEDIUMWordPress WP Affiliate Disclosure plugin <= 1.2.6 - Broken Access Control + CSRF vulnerabilityEPSS 0.2%CVE-2025-44039MEDIUMCP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability aEPSS 0.2%CVE-2025-27538LOWMFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other UsersEPSS 0.2%CVE-2026-28485HIGHOpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP EndpointsEPSS 0.2%CVE-2025-3758HIGHExposure of Device Configuration without Authentication in WF2220EPSS 0.2%CVE-2026-8335HIGHMissing authentication in Aix-DBEPSS 0.2%CVE-2018-25225HIGHSIPP 3.3 Stack-Based Buffer Overflow via Configuration FileEPSS 0.2%CVE-2025-3646MEDIUMPetlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share APIEPSS 0.2%CVE-2025-66377HIGHPexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already hEPSS 0.2%