CWE-306 (Missing Authentication for Critical Function) — Vulnerability Class 1096

1096 vulnerabilities classified as CWE-306 (Missing Authentication for Critical Function). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34411 | Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs — Appsmith | 5.3 | Medium | 2026-03-27 |
| CVE-2026-4959 | OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication — XAgent | 7.3 | High | 2026-03-27 |
| CVE-2026-33366 | BUFFALO Wi-Fi router access control error vulnerability — BUFFALO Wi-Fi router products | 4.6 | - | 2026-03-27 |
| CVE-2026-3527 | AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022 — AJAX Dashboard | 9.1 (AI) | Critical (AI) | 2026-03-26 |
| CVE-2026-24068 | Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library — Vienna Assistant | 9.8 | - | 2026-03-26 |
| CVE-2026-1724 | Missing Authentication for Critical Function in GitLab — GitLab | 6.8 | Medium | 2026-03-25 |
| CVE-2026-32326 | SHARP multiple products access control error vulnerability — home 5G HR01 | 9.1 | - | 2026-03-25 |
| CVE-2026-2417 | Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller — Mosaic Show Controller | 9.8 | - | 2026-03-24 |
| CVE-2026-33159 | Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users — cms | 8.6 | - | 2026-03-24 |
| CVE-2026-33340 | LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint — lollms-webui | 9.1 | Critical | 2026-03-24 |
| CVE-2019-25632 | phpFileManager 1.7.8 Local File Inclusion via index.php — phpFileManager | 6.2 | Medium | 2026-03-24 |
| CVE-2026-4649 | Auth bypass in Apache Artemis allows reading all internal messages — KNIME Business Hub | 6.5 | - | 2026-03-24 |
| CVE-2026-4640 | Galaxy Software Services\|Vitals ESP - Missing Authentication — Vitals ESP | 7.5 | High | 2026-03-24 |
| CVE-2026-33719 | AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php — AVideo | 8.6 | High | 2026-03-23 |
| CVE-2025-15517 | Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | 9.8 | - | 2026-03-23 |
| CVE-2026-31846 | Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+ — Nebula 300+ / Tenda F3 V2.0 Firmware | 6.5 | Medium | 2026-03-23 |
| CVE-2026-4582 | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication — MPOS M6 PLUS | 5.0 | Medium | 2026-03-23 |
| CVE-2026-4562 | MacCMS Timming API Endpoint Timming.php weak authentication — MacCMS | 7.3 | High | 2026-03-22 |
| CVE-2026-2756 | OmniPEMF NeoRhythm BLE missing authentication — NeoRhythm | 5.0 | Medium | 2026-03-21 |
| CVE-2019-25568 | Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions — Memu Play | 9.8 | Critical | 2026-03-21 |
| CVE-2026-32896 | OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin — OpenClaw | 4.8 | Medium | 2026-03-21 |
| CVE-2026-32064 | OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer — OpenClaw | 7.7 | High | 2026-03-21 |
| CVE-2026-29796 | IGL-Technologies eParking.fi Missing Authentication for Critical Function — eParking.fi | 9.4 | Critical | 2026-03-20 |
| CVE-2026-33231 | NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app — nltk | 7.5 | High | 2026-03-20 |
| CVE-2026-25192 | CTEK Chargeportal Missing Authentication for Critical Function — Chargeportal | 9.4 | Critical | 2026-03-20 |
| CVE-2026-22898 | QVR Pro — QVR Pro | 9.8 | - | 2026-03-20 |
| CVE-2026-33070 | FileRise has Unauthenticated Share Link Deletion — FileRise | 3.7 | Low | 2026-03-20 |
| CVE-2026-4476 | Yi Technology YI Home Camera CGI Endpoint ipc missing authentication — YI Home Camera | 6.3 | Medium | 2026-03-20 |
| CVE-2026-33038 | AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideo | 8.1 | High | 2026-03-20 |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution — Xerte Online Toolkits | 9.8 | Critical | 2026-03-20 |

Vulnerabilities classified as CWE-306 (Missing Authentication for Critical Function) account for 1096 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.