CWE-306 · Missing Authentication for Critical Function

2463 CVEs classified under CWE-306 (Missing Authentication for Critical Function). Browse by severity and year.

Top CVEs for CWE-306
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-54309 | Critical | 10.0 | 2026-06-23 | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts s… |
| CVE-2026-50242 | Critical | 10.0 | 2026-06-19 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database acces… |
| CVE-2026-49257 | Critical | 10.0 | 2026-06-18 | mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running a… |
| CVE-2026-46846 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12… |
| CVE-2026-46803 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12… |
| CVE-2026-46800 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1… |
| CVE-2026-46798 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1… |
| CVE-2026-46781 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected… |
| CVE-2026-46778 | Critical | 10.0 | 2026-06-17 | Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected… |
| CVE-2026-35301 | Critical | 10.0 | 2026-06-17 | Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1… |
| CVE-2026-35292 | Critical | 10.0 | 2026-06-17 | Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1… |
| CVE-2026-46840 | Critical | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulne… |
| CVE-2026-45087 | Critical | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server)… |
| CVE-2026-44329 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-toke… |
| CVE-2026-44327 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-to… |
| CVE-2026-20223 | Critical | 10.0 | 2026-05-20 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site res… |
| CVE-2026-39858 | Critical | 10.0 | 2026-04-30 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerabi… |
| CVE-2026-4370 | Critical | 10.0 | 2026-04-01 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to pe… |
| CVE-2026-34162 | Critical | 10.0 | 2026-03-31 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed witho… |
| CVE-2026-3611 | Critical | 10.0 | 2026-03-12 | The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user mod… |