CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1092

1092 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2018-25246	Wikipedia 12.0 Denial of Service via Search — Wikipedia	7.5	High	2026-04-04
CVE-2018-25241	VPN Browser+ 1.1.0.0 Denial of Service — VPN Browser+	7.5	High	2026-04-04
CVE-2026-34952	PraisonAI: Missing Authentication in WebSocket Gateway — PraisonAI	9.1	Critical	2026-04-03
CVE-2026-28766	Gardyn Cloud API Missing Authentication for Critical Function — Cloud API	9.3	Critical	2026-04-03
CVE-2026-28767	Gardyn Cloud API Missing Authentication for Critical Function — Cloud API	5.3	Medium	2026-04-03
CVE-2026-32646	Gardyn Cloud API Missing Authentication for Critical Function — Cloud API	7.5	High	2026-04-03
CVE-2026-0545	Missing Authentication for Critical Function in mlflow/mlflow — mlflow/mlflow	9.8^AI	Critical^AI	2026-04-03
CVE-2026-32211	Azure MCP Server Information Disclosure Vulnerability — Azure Web Apps	9.1	Critical	2026-04-02
CVE-2025-15620	HiOS Switch Platform Denial-of-Service via Web Interface — Hirschmann HiOS Switch Platform	9.3	High	2026-04-02
CVE-2026-35053	OneUptime: Unauthenticated Workflow Execution via ManualAPI — oneuptime	7.1^AI	High^AI	2026-04-02
CVE-2026-34758	OneUptime: Missing Authentication on Notification Endpoints — oneuptime	9.1	Critical	2026-04-02
CVE-2026-29132	ESWmail-Verify Bypass — Secure Email Gateway	4.3^AI	Medium^AI	2026-04-02
CVE-2026-5320	vanna-ai vanna Chat API Endpoint v2 missing authentication — vanna	7.3	High	2026-04-02
CVE-2026-21767	HCL BigFix Platform is affected by insufficient authentication — BigFix Platform	4.0	Medium	2026-04-01
CVE-2026-34999	OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access — OpenViking	5.3	Medium	2026-04-01
CVE-2026-34732	AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints — AVideo	5.3	Medium	2026-03-31
CVE-2026-34731	AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php — AVideo	7.5	High	2026-03-31
CVE-2026-1579	PX4 Autopilot Missing authentication for critical function — Autopilot	9.8	Critical	2026-03-31
CVE-2026-3356	Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor — Remote Spectrum Monitor MS27100A	9.8	-	2026-03-31
CVE-2026-34227	Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface — sliver	8.8^AI	High^AI	2026-03-31
CVE-2026-34200	Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port — nhost	8.0	-	2026-03-31
CVE-2026-34162	FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft — FastGPT	10.0	Critical	2026-03-31
CVE-2026-33032	Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover — nginx-ui	9.8	Critical	2026-03-30
CVE-2026-5000	PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication — localGPT	7.3	High	2026-03-28
CVE-2018-25224	PMS 0.42 Stack-Based Buffer Overflow via Configuration File — PMS	8.4	High	2026-03-28
CVE-2018-25225	SIPP 3.3 Stack-Based Buffer Overflow via Configuration File — SIPP	8.4	High	2026-03-28
CVE-2026-34411	Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs — Appsmith	5.3	Medium	2026-03-27
CVE-2026-4959	OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication — XAgent	7.3	High	2026-03-27
CVE-2026-33366	BUFFALO Wi-Fi router 访问控制错误漏洞 — BUFFALO Wi-Fi router products	4.6	-	2026-03-27
CVE-2026-3527	AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022 — AJAX Dashboard	9.1^AI	Critical^AI	2026-03-26

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1092 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1092