Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18840

18840 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-62430 ClipBucket v5 stored XSS via video/photo fields — clipbucket-v5CWE-79 5.4 Medium2025-10-17
CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing — openbaoCWE-400 7.5 High2025-10-17
CVE-2025-11900 HGiga|iSherlock - OS Command Injection — iSherlock 4.5CWE-78 9.8 Critical2025-10-17
CVE-2025-11899 Flowring Technology|Agentflow - Use of Hard-coded Cryptographic Key — AgentflowCWE-321 8.1 High2025-10-17
CVE-2025-11898 Flowring Technology|Agentflow - Arbitrary File Reading through Path Traversal — AgentflowCWE-23 7.5 High2025-10-17
CVE-2025-6950 Moxa多款产品 安全漏洞 — EDR-G9010 SeriesCWE-798 9.8AICriticalAI2025-10-17
CVE-2025-62642 Restaurant Brands International assistant platform 安全漏洞 — assistant platformCWE-862 5.8 Medium2025-10-17
CVE-2025-34255 D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration — Nuclias ConnectCWE-204 5.3AIMediumAI2025-10-16
CVE-2025-34254 D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration — Nuclias ConnectCWE-204 5.3AIMediumAI2025-10-16
CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS — EVE X1 ServerCWE-79 6.1AIMediumAI2025-10-16
CVE-2025-34513 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection — EVE X1 ServerCWE-78 9.8AICriticalAI2025-10-16
CVE-2025-34516 Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials — EVE X1 ServerCWE-1392 9.8AICriticalAI2025-10-16
CVE-2025-62586 OPEXUS FOIAXpress unauthenticated administrator password reset — FOIAXpressCWE-306 9.8 Critical2025-10-16
CVE-2025-10611 Potential Broken Access Control in Multiple WSO2 Products via System REST APIs — WSO2 API Manager 9.8 Critical2025-10-16
CVE-2025-10849 Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions — Felan FrameworkCWE-862 5.3 Medium2025-10-16
CVE-2025-10742 Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change — Truelysell CoreCWE-639 9.8 Critical2025-10-16
CVE-2025-10850 Felan Framework <= 1.1.4 - Hardcoded Credentials — Felan FrameworkCWE-798 9.8 Critical2025-10-16
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Addons for WPBakeryCWE-79 6.4 Medium2025-10-16
CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update — Ally – Web Accessibility & UsabilityCWE-352 4.3 Medium2025-10-16
CVE-2025-56699 Base Digitale Centrax Open PSIM 安全漏洞 — n/a 9.8AICriticalAI2025-10-16
CVE-2025-20360 Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability — Cisco Cyber VisionCWE-805 5.8 Medium2025-10-15
CVE-2025-20359 Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability — Cisco Cyber VisionCWE-127 6.5 Medium2025-10-15
CVE-2025-20351 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-79 6.1 Medium2025-10-15
CVE-2025-20350 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-121 7.5 High2025-10-15
CVE-2025-58133 Zoom Rooms Clients - Authentication Bypass — Zoom RoomsCWE-288 5.3 Medium2025-10-15
CVE-2025-59268 BIG-IP Configuration utility vulnerability — BIG-IPCWE-201 5.3 Medium2025-10-15
CVE-2025-11701 Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure — Zip AttachmentsCWE-862 5.3 Medium2025-10-15
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting — Find And Replace content for WordPressCWE-862 7.2 High2025-10-15
CVE-2025-11728 Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update — Oceanpayment CreditCard GatewayCWE-306 5.3 Medium2025-10-15
CVE-2025-10486 Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File — Content WriterCWE-532 5.3 Medium2025-10-15

Vulnerabilities classified as access:pre-auth represent 18840 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.