CVE vulnerabilities tagged access:pre-auth (19344)

19344 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-8467 | Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground — phoenix_storybook | CWE-94 | - | - | 2026-05-20 |
| CVE-2026-8469 | Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook — phoenix_storybook | CWE-770 | - | - | 2026-05-20 |
| CVE-2026-5950 | Unbounded resend loop in BIND 9 resolver — BIND 9 | CWE-606 | 5.3 | Medium | 2026-05-20 |
| CVE-2026-6728 | Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream' — Slider Revolution | CWE-200 | 5.3 | Medium | 2026-05-20 |
| CVE-2026-9064 | 389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos) — Red Hat Directory Server 11 | CWE-770 | 7.5 | High | 2026-05-20 |
| CVE-2026-6405 | Anomify AI <= 0.3.6 - Cross-Site Request Forgery — Anomify AI – Anomaly Detection and Alerting | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-7385 | Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure — Decent Comments | - | - | - | 2026-05-20 |
| CVE-2026-5776 | Email Encoder < 2.4.7 - Unauthenticated Stored XSS — Email Encoder | - | - | - | 2026-05-20 |
| CVE-2026-2955 | AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header — AI Chatbot & Workflow Automation by AIWU | CWE-79 | 6.4 | Medium | 2026-05-20 |
| CVE-2026-9003 | TONNET\|E-LAN Hybrid Recording System - SQL Injection — TPR7308 | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-7637 | Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie — Boost | CWE-502 | 9.8 | Critical | 2026-05-20 |
| CVE-2025-15369 | Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation — Xpro Addons — 140+ Widgets for Elementor | CWE-862 | 5.3 | Medium | 2026-05-20 |
| CVE-2026-9010 | Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters — Boost | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-6395 | Word 2 Cash <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page — Word 2 Cash | CWE-352 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-6400 | Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form — Child Height Predictor by Ostheimer | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-6401 | Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update — Bottom Bar | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-8424 | Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery — Remove Yellow BGBOX | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-6072 | Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header — Oliver POS – A WooCommerce Point of Sale (POS) | CWE-639 | 6.5 | Medium | 2026-05-20 |
| CVE-2026-8419 | Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update — Amazon Scraper | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-6394 | Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter — Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-918 | 5.4 | Medium | 2026-05-20 |
| CVE-2026-8420 | BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update — BLOGCHAT Chat System | CWE-352 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-6391 | Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters — Sentence To SEO (keywords, description and tags) | CWE-352 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-7462 | VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter — VatanSMS WP SMS | CWE-79 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-8423 | JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery — JaviBola Custom Theme Test | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-8626 | SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter — SponsorMe | CWE-79 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-6452 | Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update — Bigfishgames Syndicate | CWE-352 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-8627 | Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter — Correct Prices | CWE-79 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-3985 | Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter — Creative Mail – Easier WordPress & WooCommerce Email Marketing | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-7284 | Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register — Easy Elements for Elementor – Addons & Website Templates | CWE-269 | 9.8 | Critical | 2026-05-20 |
| CVE-2026-8624 | LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter — LJ comments import: reloaded | CWE-79 | 6.1 | Medium | 2026-05-20 |

Vulnerabilities classified as access:pre-auth represent 19344 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.