CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1096

1096 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-7897	harry0703 MoneyPrinterTurbo API Endpoint base.py verify_token missing authentication — MoneyPrinterTurbo	7.3	High	2025-07-20
CVE-2025-7862	TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication — T6	7.3	High	2025-07-20
CVE-2025-6226	IDOR in CreatePost API allows for timeboxed message disclosure — Mattermost	6.5	Medium	2025-07-18
CVE-2025-34130	LILIN DVR Arbitrary File Read via net_html.cgi — DVR Firmware	9.8^AI	Critical^AI	2025-07-16
CVE-2025-53938	WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints — WeGIA	9.1^AI	Critical^AI	2025-07-16
CVE-2025-34113	Tiki Wiki CMS Authenticated Command Injection in Calendar Module — Wiki CMS Groupware	8.8^AI	High^AI	2025-07-15
CVE-2025-34068	Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters — WLAN AP WEA453e	9.8^AI	Critical^AI	2025-07-15
CVE-2025-53378	Trend Micro Worry-Free Business Security Services 访问控制错误漏洞 — Trend Micro Worry-Free Business Security Services	7.6	High	2025-07-10
CVE-2025-3498	Unauthenticated modification of Radiflow iSAP Smart Collector configuration — iSAP Smart Collector	9.9	Critical	2025-07-09
CVE-2025-7031	Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 — Config Pages Viewer	9.1^AI	Critical^AI	2025-07-08
CVE-2025-48814	Remote Desktop Licensing Service Security Feature Bypass Vulnerability — Windows 10 Version 1607	7.5	High	2025-07-08
CVE-2025-40736	Siemens SINEC NMS 访问控制错误漏洞 — SINEC NMS	9.8	Critical	2025-07-08
CVE-2025-25268	Unauthenticated Configuration Access via Exposed API Endpoint — CHARX SEC-3150	8.8	High	2025-07-08
CVE-2025-7115	rowboatlabs rowboat Session route.ts PUT missing authentication — rowboat	7.3	High	2025-07-07
CVE-2025-7114	SimStudioAI sim Session route.ts POST missing authentication — sim	7.3	High	2025-07-07
CVE-2025-34089	Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection — Remote for Mac	8.8^AI	High^AI	2025-07-03
CVE-2025-34071	GFI Kerio Control Unsigned System Image Upload Root Code Execution — Kerio Control	7.2^AI	High^AI	2025-07-02
CVE-2025-34070	GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces — Kerio Control	9.8^AI	Critical^AI	2025-07-02
CVE-2025-34069	GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding — Kerio Control	9.8^AI	Critical^AI	2025-07-02
CVE-2025-34057	Ruijie NBR Router Administrative Credential Disclosure — NBR Router	7.5^AI	High^AI	2025-07-02
CVE-2025-6920	Ai-inference-server: authentication bypass via unprotected inference endpoint in api — Red Hat AI Inference Server	5.3	Medium	2025-07-01
CVE-2025-41656	Pilz: Missing Authentication in Node-RED integration — IndustrialPI 4 with Firmware Bullseye	10.0	Critical	2025-07-01
CVE-2025-6916	TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication — T6	8.8	High	2025-06-30
CVE-2024-8419	Improper Access Control vulnerability in AC4xxS devices — ifm Smart PLC AC402s	7.5	High	2025-06-30
CVE-2025-5310	Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function — ProGauge MagLink LX 4	9.8	Critical	2025-06-27
CVE-2025-6763	Comet System H3531 Web-based Management setupA.cfg missing authentication — T0510	8.1	High	2025-06-27
CVE-2025-3699	Mitsubishi Electric多款产品访问控制错误漏洞 — G-50	9.8	Critical	2025-06-26
CVE-2025-1754	Missing Authentication for Critical Function in GitLab — GitLab	5.3	Medium	2025-06-26
CVE-2025-6678	Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability — Autel MaxiCharger AC Wallbox Commercial	7.5^AI	High^AI	2025-06-25
CVE-2025-3090	MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24 — mbCONNECT24	8.2	High	2025-06-24

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1096 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1096