Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-306 (关键功能的认证机制缺失) — Vulnerability Class 1092

1092 vulnerabilities classified as CWE-306 (关键功能的认证机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-30824 Flowise: Missing Authentication on NVIDIA NIM Endpoints — Flowise 10.0 -2026-03-07
CVE-2026-25071 XikeStor SKS8310-8X switch_config.src Missing Authentication — XikeStor SKS8310-8X 5.3 -2026-03-07
CVE-2026-30846 Wekan Exposes All Global Webhook Integrations through globalwebhooks Publication — Wekan 7.5 -2026-03-06
CVE-2026-26288 Everon api.everon.io Missing Authentication for Critical Function — api.everon.io 9.4 Critical2026-03-06
CVE-2026-2754 Navtor NavBox 安全漏洞 — NavBox 7.5 High2026-03-06
CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function — e-mobi.hu 9.4 Critical2026-03-06
CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions — chartbrew 5.3 -2026-03-06
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function — epower.ie 9.4 Critical2026-03-05
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability — Payment Orchestrator Service 8.6 High2026-03-05
CVE-2026-29613 OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust — OpenClaw 5.9 Medium2026-03-05
CVE-2026-29606 OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility — OpenClaw 6.5 Medium2026-03-05
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints — OpenClaw 8.4 High2026-03-05
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake — OpenClaw 8.1 High2026-03-05
CVE-2026-28468 OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Server — OpenClaw 7.7 High2026-03-05
CVE-2026-28458 OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket Endpoint — OpenClaw 8.1 High2026-03-05
CVE-2026-23767 EPSON ESC/POS 访问控制错误漏洞 — ESC/POS 9.8 -2026-03-05
CVE-2026-27446 Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation — Apache Artemis 6.5 -2026-03-04
CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php — openstamanager 9.8 Critical2026-03-03
CVE-2026-1775 Missing Authentication for Critical Function in Labkotec LID-3300IP — LID-3300IP 9.8AICriticalAI2026-03-03
CVE-2025-30035 Lack of API authentication allowing session generation for any user — CGM CLININET 9.8AICriticalAI2026-03-02
CVE-2026-2844 TimePictra Authentication Bypass Vulnerability — TimePictra 9.1 -2026-02-28
CVE-2026-28352 Indico missing access check in event series management API — indico 6.5 Medium2026-02-27
CVE-2025-15567 Vivo Health 安全漏洞 — Health 4.3 -2026-02-27
CVE-2025-15509 Vivo SmartRemote 安全漏洞 — SmartRemote 5.3 -2026-02-27
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function — mobility46.se 9.4 Critical2026-02-27
CVE-2026-27772 EV Energy ev.energy Missing Authentication for Critical Function — ev.energy 9.4 Critical2026-02-27
CVE-2026-27767 SWITCH EV swtchenergy.com Missing Authentication for Critical Function — swtchenergy.com 9.4 Critical2026-02-26
CVE-2026-24731 EV2GO ev2go.io Missing Authentication for Critical Function — ev2go.io 9.4 Critical2026-02-26
CVE-2026-20781 CloudCharge cloudcharge.se Missing Authentication for Critical Function — cloudcharge.se 9.4 Critical2026-02-26
CVE-2026-25851 Chargemap chargemap.com Missing Authentication for Critical Function — chargemap.com 9.4 Critical2026-02-26

Vulnerabilities classified as CWE-306 (关键功能的认证机制缺失) represent 1092 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.