CVE Database

30+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

30 results for "CWE-30"

CVE-2026-13164

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a …

Jun 24, 2026
CVE-2026-50086
10.0 CRITICAL

The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for …

Jun 12, 2026
CVE-2026-50085
8.6 HIGH

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of …

Jun 12, 2026
CVE-2026-50082
6.5 MEDIUM

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing …

Jun 12, 2026
CVE-2026-7820
6.5 MEDIUM

Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is …

May 11, 2026
CVE-2025-11566

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account …

Nov 12, 2025
CVE-2025-52392
5.4 MEDIUM

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts …

Aug 13, 2025
CVE-2024-52965
7.2 HIGH

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & …

Jul 8, 2025
CVE-2024-50568
5.9 MEDIUM

A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through …

Jun 10, 2025
CVE-2025-3461
9.1 CRITICAL

The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is …

Jun 8, 2025
CVE-2025-26366
7.5 HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26365
7.5 HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26364
7.5 HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26363
7.5 HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26362
7.5 HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26361
9.1 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26360
5.3 MEDIUM

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26359
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26347
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26345
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26344
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26342
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26341
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2025-26339
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to …

Feb 12, 2025
CVE-2024-23106
8.1 HIGH

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute …

Jan 14, 2025
CVE-2024-50375
9.8 CRITICAL

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= …

Nov 26, 2024
CVE-2024-8530
5.9 MEDIUM

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by …

Oct 11, 2024
CVE-2024-38433
6.7 MEDIUM

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton …

Jul 11, 2024
CVE-2024-36388
10.0 CRITICAL

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

Jun 2, 2024
CVE-2024-2051
9.8 CRITICAL

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force …

Mar 18, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.