Weaknesses of type CWE-306
1,704 resultsCVE-2026-30824HIGHFlowise: Missing Authentication on NVIDIA NIM EndpointsEPSS 36.3%CVE-2023-51587HIGHVoltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure VulnerabilityEPSS 36.0%CVE-2026-41176CRITICALRclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command executionEPSS 34.5%CVE-2025-53118CRITICALSecurden Unified PAM Authentication BypassEPSS 29.4%CVE-2024-6842HIGHExposure of Sensitive Information in mintplex-labs/anything-llmEPSS 29.2%CVE-2024-12847CRITICALNETGEAR DGN setup.cgi OS Command InjectionEPSS 29.0%CVE-2026-26190CRITICALMilvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System CompromiseEPSS 27.7%CVE-2026-44338HIGHPraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow executionEPSS 26.8%CVE-2022-45551CRITICALAn issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command tEPSS 25.1%CVE-2025-34117CRITICALNetcore / Netis Routers RCE via UDP Port 53413 BackdoorEPSS 22.9%CVE-2024-50630HIGHMissing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280,EPSS 22.7%CVE-2026-27944CRITICALNginx UI: Unauthenticated Backup Download with Encryption Key DisclosureEPSS 22.2%CVE-2026-33340CRITICALLoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpointEPSS 21.6%CVE-2026-22679CRITICALWeaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug EndpointEPSS 21.5%CVE-2021-22823—A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of EPSS 21.4%CVE-2020-24363HIGHTP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request EPSS 20.7%KEVCVE-2026-21445HIGHLangflow Missing Authentication on Critical API EndpointsEPSS 20.7%CVE-2022-26082CRITICALA file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. EPSS 18.6%CVE-2019-5591MEDIUMA Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive informationEPSS 18.6%KEVCVE-2022-45504HIGHAn issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to EPSS 18.3%