CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1097

1097 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-7328	Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure — Screen SFT DAB 600/C	7.5	-	2025-11-14
CVE-2025-55073	MS Teams plugin OAuth allows editing arbitrary posts — Mattermost	5.4	Medium	2025-11-14
CVE-2025-55070	Lack of MFA enforcement in WebSocket connections — Mattermost	6.5	Medium	2025-11-14
CVE-2023-7329	Tinycontrol LAN Controller v3 (LK3) Remote DoS — Lan Controller	9.1	-	2025-11-12
CVE-2025-40817	Siemens LOGO! 访问控制错误漏洞 — LOGO! 12/24RCE	6.5	Medium	2025-11-11
CVE-2025-40816	Siemens LOGO! 访问控制错误漏洞 — LOGO! 12/24RCE	7.6	High	2025-11-11
CVE-2025-11986	Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State — Crypto Tool	5.3	Medium	2025-11-11
CVE-2025-42885	Missing authentication in SAP HANA 2.0 (hdbrss) — SAP HANA 2.0 (hdbrss)	5.8	Medium	2025-11-11
CVE-2025-20358	Cisco Unified Contact Center Express Editor Authentication Bypass Vulnerability — Cisco Unified Contact Center Express	9.4	Critical	2025-11-05
CVE-2025-55108	BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution — Control-M/Agent	10.0	Critical	2025-11-05
CVE-2025-12108	Missing Authentication for Critical Function Survision License Plate Recognition Camera — License Plate Recognition Camera	9.8^AI	Critical^AI	2025-11-04
CVE-2025-61956	Missing Authentication for Critical Function in Radiometrics VizAir — VizAir	10.0	Critical	2025-11-04
CVE-2025-61945	Missing Authentication for Critical Function in Radiometrics VizAir — VizAir	10.0	Critical	2025-11-04
CVE-2025-11007	CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update — CE21 Suite	9.8	Critical	2025-11-04
CVE-2025-47357	Missing Authentication for Critical Function in SMSS — Snapdragon	8.0	High	2025-11-04
CVE-2025-8558	Proofpoint Insider Threat Management Server 安全漏洞 — Insider Threat Management (ITM) Server	6.3^AI	Medium^AI	2025-11-03
CVE-2025-48397	Eaton Brightlayer Software Suite 安全漏洞 — Eaton Brightlayer Software Suite (BLSS)	7.1	High	2025-11-03
CVE-2023-7325	Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF — Mingyu Operations and Maintenance Audit and Risk Control System	9.8^AI	Critical^AI	2025-10-30
CVE-2021-4461	Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass — Zhiyuan OA Web Application System	5.3^AI	Medium^AI	2025-10-30
CVE-2025-12477	Server Version Disclosure — BLU-IC2	4.3^AI	Medium^AI	2025-10-29
CVE-2025-12476	Resource Lacking AuthN — BLU-IC2	9.1^AI	Critical^AI	2025-10-29
CVE-2025-41090	Improper Access Control in CCN-CERT microCLAUDIA — microCLAUDIA	8.8^AI	High^AI	2025-10-28
CVE-2025-43994	Dell Storage Manager 访问控制错误漏洞 — Dell Storage Manager	8.6	High	2025-10-24
CVE-2025-62607	Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL — nautobot-app-ssot	5.3	Medium	2025-10-22
CVE-2025-11949	Digiwin｜EasyFlow .NET and EasyFlow AiNet - Missing Authentication — EasyFlow .NET	7.5	High	2025-10-21
CVE-2025-9574	Missing Authentication Vulnerability — ALS-mini-s4 IP	10.0	Critical	2025-10-20
CVE-2025-11942	70mai X200 Pairing missing authentication — X200	7.3	High	2025-10-19
CVE-2025-11852	Apeman ID71 ONVIF Service device_service missing authentication — ID71	5.3	Medium	2025-10-16
CVE-2025-62586	OPEXUS FOIAXpress unauthenticated administrator password reset — FOIAXpress	9.8	Critical	2025-10-16
CVE-2025-0275	HCL BigFix Mobile 3.3 and earlier is affected by improper access control — BigFix Mobile	5.3	Medium	2025-10-16

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1097 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1097