Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1095

1095 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-23356 NVIDIA Isaac Lab 访问控制错误漏洞 — Isaac Lab 8.4 High2025-10-14
CVE-2025-7328 Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities — Comms - 1783-NATR 6.8AIMediumAI2025-10-14
CVE-2025-40771 Siemens SIMATIC CP Series 访问控制错误漏洞 — SIMATIC CP 1542SP-1 9.8 Critical2025-10-14
CVE-2025-40765 Siemens TeleControl Server Basic 访问控制错误漏洞 — TeleControl Server Basic V3.1 9.8 Critical2025-10-14
CVE-2025-41703 Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command — QUINT4-UPS/24DC/24DC/5/EIP 7.5 High2025-10-14
CVE-2025-11672 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication — Uniweb/SoliPACS WebServer 5.3 Medium2025-10-13
CVE-2025-11671 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication — Uniweb/SoliPACS WebServer 5.3 Medium2025-10-13
CVE-2025-11661 ProjectsAndPrograms School Management System missing authentication — School Management System 7.3 High2025-10-13
CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability — Microsoft Entra 9.8 Critical2025-10-09
CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server — Security Director Policy Enforcer 7.4 High2025-10-09
CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication — ChurchCRM 7.3 High2025-10-09
CVE-2025-11171 Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function — Chartify – WordPress Chart Plugin 5.3 Medium2025-10-08
CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization — Integrate Dynamics 365 CRM 6.5 Medium2025-10-04
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass — karapace 8.6 High2025-10-03
CVE-2025-23293 NVIDIA Delegated Licensing Service 访问控制错误漏洞 — DLS component of NVIDIA License System 8.7 High2025-09-30
CVE-2025-34221 Vasion Print (formerly PrinterLogic) — Print Virtual Appliance Host 10.0AICriticalAI2025-09-29
CVE-2025-34215 Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE — Print Virtual Appliance Host 9.8AICriticalAI2025-09-29
CVE-2025-34224 Vasion Print (formerly PrinterLogic) Unauthenticated Device Modification — Print Virtual Appliance Host 9.8AICriticalAI2025-09-29
CVE-2025-34220 Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information — Print Virtual Appliance Host 5.3AIMediumAI2025-09-29
CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates — Print Virtual Appliance Host 9.8AICriticalAI2025-09-29
CVE-2025-34228 Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-34229 Vasion Print (formerly PrinterLogic) Blind SSRF via HP installApp.php — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-34230 Vasion Print (formerly PrinterLogic) Blind SSRF via HP log_off_single_sign_on.php — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-34231 Vasion Print (formerly PrinterLogic) SSRF via HP badgeSetup.php — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-34225 Vasion Print (formerly PrinterLogic) SSRF via console_release Directory — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API — Print Virtual Appliance Host 9.8AICriticalAI2025-09-29
CVE-2025-34218 Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance — Print Virtual Appliance Host 5.8AIMediumAI2025-09-29
CVE-2025-34232 Vasion Print (formerly PrinterLogic) Blind SSRF via Lexmark dellCheck.php — Print Virtual Appliance Host 9.1AICriticalAI2025-09-29
CVE-2025-11130 iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication — pptp-vpn 8.4 High2025-09-29
CVE-2025-60251 Unitree多款产品 安全漏洞 — Go2 5.0 Medium2025-09-26

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1095 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.