CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1092

1092 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-7042	666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication — MiroFish	7.3	High	2026-04-26
CVE-2026-41473	CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints — cyberpanel	9.1^AI	Critical^AI	2026-04-24
CVE-2026-41477	Deskflow: Local privilege escalation via unauthenticated IPC — deskflow	7.8	High	2026-04-24
CVE-2026-6272	kuksa.val.v2任意读JWT可伪造信号数据漏洞 — Eclipse KUKSA - Databroker	7.1^AI	High^AI	2026-04-24
CVE-2026-25775	SenseLive X3050 Missing authentication for critical function — X3050	9.8	Critical	2026-04-24
CVE-2026-35064	SenseLive X3050 Missing authentication for critical function — X3050	7.5	High	2026-04-24
CVE-2026-40620	SenseLive X3050 Missing authentication for critical function — X3050	9.8	Critical	2026-04-24
CVE-2026-42095	Arianna <26.04.1 bookserver 任意文件读取漏洞 — Arianna	4.0	Medium	2026-04-24
CVE-2026-27843	SenseLive X3050 Missing authentication for critical function — X3050	9.1	Critical	2026-04-23
CVE-2026-6376	Missing authentication for critical function in SpiceJet Online Booking System — Online Booking System	5.3^AI	Medium^AI	2026-04-23
CVE-2026-41273	Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow — Flowise	7.5^AI	High^AI	2026-04-23
CVE-2026-23751	Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting — Kofax Capture	9.8	Critical	2026-04-23
CVE-2026-41176	Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution — rclone	9.1	-	2026-04-22
CVE-2018-25259	Terminal Services Manager 3.1 Buffer Overflow SEH — Terminal Services Manager	8.4	High	2026-04-22
CVE-2026-5749	Inadequate access control vulnerability in Fullstep — Fullstep	7.5^AI	High^AI	2026-04-22
CVE-2026-40884	goshs: Empty-username SFTP password authentication bypass in goshs — goshs	9.8	Critical	2026-04-21
CVE-2026-40050	CrowdStrike LogScale Unauthenticated Path Traversal — LogScale Self-Hosted	9.8	Critical	2026-04-21
CVE-2026-24177	NVIDIA KAI Scheduler 访问控制错误漏洞 — KAI Scheduler	7.7	High	2026-04-21
CVE-2026-41039	Information Disclosure Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470	7.5^AI	High^AI	2026-04-21
CVE-2026-25058	Vexa's unauthenticated internal transcript endpoint exposed by default — vexa	7.5	High	2026-04-20
CVE-2026-26944	Dell PowerProtect Data Domain（Dell PowerProtect DD）安全漏洞 — PowerProtect Data Domain	8.8	High	2026-04-20
CVE-2026-6369	Exposed Session Token in canonical-livepatch client snap — canonical-livepatch	7.8^AI	High^AI	2026-04-20
CVE-2026-32957	Silex SD-330AC和Silex AMC Manager 安全漏洞 — SD-330AC	5.3	Medium	2026-04-20
CVE-2026-32962	Silex SD-330AC和Silex AMC Manager 安全漏洞 — SD-330AC	5.3	Medium	2026-04-20
CVE-2026-6588	serge-chat serge Model API Endpoint model.py delete_model missing authentication — serge	6.5	Medium	2026-04-20
CVE-2026-6582	TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication — SuperAGI	7.3	High	2026-04-19
CVE-2026-6579	liangliangyy DjangoBlog Clean Endpoint views.py missing authentication — DjangoBlog	6.5	Medium	2026-04-19
CVE-2026-6577	liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication — DjangoBlog	7.3	High	2026-04-19
CVE-2026-35546	Anviz Products Missing Authentication for Critical Function — Anviz CX7 Firmware	9.8	Critical	2026-04-17
CVE-2026-40461	Anviz Products Missing Authentication for Critical Function — Anviz CX7 Firmware	7.5	High	2026-04-17

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1092 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1092