CWE-306 (Missing Authentication for Critical Function) — Vulnerability Class 1094

1094 vulnerabilities classified as CWE-306 (Missing Authentication for Critical Function). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47891 | Unified Remote 3.9.0.2463 - Remote Code Execution — Unified Remote | 9.8 | Critical | 2026-01-23 |
| CVE-2026-1364 | JNC\|IAQS and I6 - Missing Authentication — IAQS | 9.8 | Critical | 2026-01-23 |
| CVE-2026-0778 | Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability — JuiceBox 40 | 8.8 | - | 2026-01-23 |
| CVE-2025-54816 | EVMAPA Missing Authentication for Critical Function — EVMAPA | 9.4 | Critical | 2026-01-22 |
| CVE-2026-24124 | Dragonfly Manager Job API Allows Unauthenticated Access — dragonfly | 9.8 | - | 2026-01-22 |
| CVE-2026-1332 | HAMASTAR Technology\|MeetingHub - Missing Authentication — MeetingHub | 5.3 | Medium | 2026-01-22 |
| CVE-2025-69285 | SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability — SQLBot | 9.8 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2021-47802 | Tenda D151 & D301 - Configuration Download — Tenda D151 & D301 | 7.5 | High | 2026-01-21 |
| CVE-2026-23944 | Arcane allows unauthenticated proxy access to remote environments — arcane | 8.6 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23744 | REC in MCPJam inspector due to HTTP Endpoint exposes — inspector | 9.8 | Critical | 2026-01-16 |
| CVE-2026-0942 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion — Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit | 5.3 | Medium | 2026-01-16 |
| CVE-2026-1023 | Gotac\|Statistics Database System - Missing Authentication — Statistics Database System | 7.5 | High | 2026-01-16 |
| CVE-2026-1019 | Gotac\|Police Statistics Database System - Missing Authentication — Police Statistics Database System | 9.8 | Critical | 2026-01-16 |
| CVE-2025-62582 | DIAView - Authentication Bypass Vulnerability — DIAView | 9.8 | Critical | 2026-01-16 |
| CVE-2026-23746 | Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE — Instant Financial Issuance (IF) | 9.1 (AI) | Critical (AI) | 2026-01-15 |
| CVE-2025-14058 | Lenovo Tablets security vulnerability — Tab M11 TB330FU TB330XU | 3.2 | Low | 2026-01-14 |
| CVE-2026-22238 | Administrator Account Creation Vulnerability in BLUVOYIX — BLUVOYIX | 9.8 (AI) | Critical (AI) | 2026-01-14 |
| CVE-2023-54335 | eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE) — eXtplorer | 9.8 | Critical | 2026-01-13 |
| CVE-2026-20803 | Microsoft SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2022 (GDR) | 7.2 | High | 2026-01-13 |
| CVE-2025-12548 | Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333 — Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 | 9.0 | Critical | 2026-01-13 |
| CVE-2026-0492 | Privilege escalation vulnerability in SAP HANA database — SAP HANA database | 8.8 | High | 2026-01-13 |
| CVE-2026-22812 | OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution — opencode | 8.8 | High | 2026-01-12 |
| CVE-2026-22788 | WebErpMesv2 allows unauthenticated API Access — WebErpMesv2 | 8.2 | High | 2026-01-12 |
| CVE-2026-0842 | Flycatcher Toys smART Sketcher Bluetooth Low Energy missing authentication — smART Sketcher | 6.3 | Medium | 2026-01-11 |
| CVE-2025-69425 | Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE — vRIoT IoT Controller | 9.8 | - | 2026-01-09 |
| CVE-2025-66049 | Unprotected RTSP stream in Vivotek IP7137 cameras — IP7137 | 7.5 | - | 2026-01-09 |
| CVE-2025-15346 | wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement — wolfSSL-py | 9.1 | - | 2026-01-07 |
| CVE-2017-20213 | FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure — FLIR Thermal Camera F/FC/PT/D Stream | 7.5 | High | 2026-01-07 |
| CVE-2025-31963 | HCL BigFix IVR is impacted by improper authentication and missing CSRF protection — BigFix IVR | 2.9 | Low | 2026-01-07 |
| CVE-2026-0650 | OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization — Flagr | 8.2 | - | 2026-01-07 |

Vulnerabilities classified as CWE-306 (Missing Authentication for Critical Function) represent 1094 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.