Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1097

1097 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-26235 JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication — JUNG Smart Visu Server 7.5 High2026-02-12
CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass — AdForest 9.8 Critical2026-02-12
CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function — ZLAN5143D 9.8 Critical2026-02-11
CVE-2026-25084 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function — ZLAN5143D 9.8 Critical2026-02-11
CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS — METIS DFS 9.8 Critical2026-02-11
CVE-2026-2248 Unauthenticated Remote Root Shell Access via Web Console in METIS WIC — METIS WIC 9.8 Critical2026-02-11
CVE-2025-8025 Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP — Dinosoft ERP 9.8 Critical2026-02-11
CVE-2026-25878 FroshAdminer Adminer UI is accessible without admin session — FroshPlatformAdminer 9.4AICriticalAI2026-02-09
CVE-2026-25791 Sliver has a DNS C2 OTP Bypass Allows Unauthenticated Session Flooding and Denial of Service — sliver 7.5 High2026-02-09
CVE-2026-25848 JetBrains Hub 访问控制错误漏洞 — Hub 9.1 Critical2026-02-09
CVE-2026-2234 HGiga|C&Cm@il - Missing Authentication — C&Cm@il package olln-base 9.1 Critical2026-02-09
CVE-2026-2165 detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication — E-commerce 7.3 High2026-02-08
CVE-2020-37157 DBPower C300 HD Camera - Remote Configuration Disclosure — DBPower C300 HD Camera 7.5 High2026-02-06
CVE-2020-37146 Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure — Aptina AR0130 960P 1.3MP Camera 7.5 High2026-02-06
CVE-2026-2065 Flycatcher Toys smART Pixelator Bluetooth Low Energy missing authentication — smART Pixelator 6.3 Medium2026-02-06
CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials — FUXA 9.8AICriticalAI2026-02-06
CVE-2026-25505 Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication — bambuddy 9.8 Critical2026-02-04
CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function — LAN 232 TRIO 10.0 Critical2026-02-03
CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function — MOMA Seismic Station 9.1 Critical2026-02-03
CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro — Avation Light Engine Pro 7.5AIHighAI2026-02-03
CVE-2022-50981 Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements — VibroLine VLX1 HD 5.0 9.8 Critical2026-02-02
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN — VibroLine VLX1 HD 5.0 6.5 Medium2026-02-02
CVE-2022-50979 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (RS485) — VibroLine VLX1 HD 5.0 6.5 Medium2026-02-02
CVE-2022-50978 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (TCP) — VibroLine VLX1 HD 5.0 7.5 High2026-02-02
CVE-2022-50977 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via HTTP — VibroLine VLX1 HD 5.0 7.5 High2026-02-02
CVE-2026-24728 Interinfo DreamMaker - Missing Authentication for Critical Function — DreamMaker 9.8AICriticalAI2026-01-30
CVE-2026-1453 Missing Authentication for Critical Function in KiloView Encoder Series — Encoder Series E1 hardware Version 1.4 9.8 Critical2026-01-29
CVE-2020-36963 Intelbras Router RF 301K 1.1.2 - Authentication Bypass — Intelbras Router RF 301K 7.5 High2026-01-28
CVE-2025-12386 Missing Authentication for Critical Endpoint in Pix-Link LV-WR21Q — LV-WR21Q 7.5AIHighAI2026-01-27
CVE-2025-59097 Unauthenticated SOAP API in dormakaba access manager — Access Manager 92xx-k5 9.8AICriticalAI2026-01-26

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1097 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.