access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Paused |
| --- | --- | --- | --- | --- |
| CVE-2026-41473 | CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints — cyberpanel CWE-306 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41472 | CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard — cyberpanel CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41477 | Deskflow: Local privilege escalation via unauthenticated IPC — deskflow CWE-306 | 7.8 | High | 2026-04-24 |
| CVE-2026-41503 | BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser — bacnet-stack CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41502 | BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder — bacnet-stack CWE-125 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41475 | BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser — bacnet-stack CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints — budibase CWE-287 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41426 | pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates — pretalx CWE-79 | 6.1 | Medium | 2026-04-24 |
| CVE-2026-41492 | Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph — dgraph CWE-200 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field — dgraph CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field — dgraph CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41680 | Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer — marked CWE-400 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-6911 | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel — AWS Ops Wheel CWE-347 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-39920 | BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE — FileStore CWE-1188 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-6043 | Insecure Default Configuration in P4 Server — Helix Core Server (P4D) CWE-1188 | 9.8 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint — Liaison Site Prober CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action — Taqnix CWE-352 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter — WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass — Drag and Drop File Upload for Contact Form 7 CWE-434 | 8.1 | High | 2026-04-24 |
| CVE-2026-6947 | D-Link\|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass — DWM-222W CWE-307 | 7.5 | High | 2026-04-24 |
| CVE-2026-25775 | SenseLive X3050 Missing authentication for critical function — X3050 CWE-306 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-35064 | SenseLive X3050 Missing authentication for critical function — X3050 CWE-306 | 7.5 | High | 2026-04-24 |
| CVE-2026-30368 | Lightspeed Classroom v5.1.2 Client Authorization Bypass Vulnerability Leading to Loss of Device Control — n/a | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41343 | OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency — OpenClaw CWE-799 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-41342 | OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding — OpenClaw CWE-346 | 7.3 | High | 2026-04-23 |
| CVE-2026-28525 | SWUpdate Integer Underflow in Multipart Upload Parser — swupdate CWE-191 | 6.8 | Medium | 2026-04-23 |
| CVE-2026-6376 | Missing authentication for critical function in SpiceJet Online Booking System — Online Booking System CWE-306 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-6375 | Authorization bypass through User-Controlled key in SpiceJet Online Booking System — Online Booking System CWE-639 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability — Flowise CWE-184 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41265 | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability — Flowise CWE-77 | 9.6 (AI) | Critical (AI) | 2026-04-23 |

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.