Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18842

18842 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-8120 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-7065 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-7063 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-8877 AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection — AffiliateWPCWE-89 7.5 High2025-09-30
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-288 8.2 High2025-09-30
CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 8.8 High2025-09-30
CVE-2025-9946 LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — LockerPress – WordPress Security PluginCWE-352 6.1 Medium2025-09-30
CVE-2025-9948 Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update — Chat by ChatweeCWE-352 4.3 Medium2025-09-30
CVE-2025-9991 Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion — Tiny Bootstrap Elements LightCWE-98 8.1 High2025-09-30
CVE-2025-9762 Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments — Post By EmailCWE-78 9.8 Critical2025-09-30
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution — Copypress Rest APICWE-321 9.8 Critical2025-09-30
CVE-2025-55797 FormCMS 安全漏洞 — n/a 5.3AIMediumAI2025-09-30
CVE-2025-56132 Liquidfiles 安全漏洞 — n/a 5.3AIMediumAI2025-09-30
CVE-2025-34221 Vasion Print (formerly PrinterLogic) — Print Virtual Appliance HostCWE-306 10.0AICriticalAI2025-09-29
CVE-2025-34215 Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34224 Vasion Print (formerly PrinterLogic) Unauthenticated Device Modification — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34220 Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information — Print Virtual Appliance HostCWE-306 5.3AIMediumAI2025-09-29
CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34228 Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34229 Vasion Print (formerly PrinterLogic) Blind SSRF via HP installApp.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34230 Vasion Print (formerly PrinterLogic) Blind SSRF via HP log_off_single_sign_on.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34231 Vasion Print (formerly PrinterLogic) SSRF via HP badgeSetup.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34225 Vasion Print (formerly PrinterLogic) SSRF via console_release Directory — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials — Print Virtual Appliance HostCWE-798 9.8AICriticalAI2025-09-29
CVE-2025-34218 Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance — Print Virtual Appliance HostCWE-306 5.8AIMediumAI2025-09-29
CVE-2025-34232 Vasion Print (formerly PrinterLogic) Blind SSRF via Lexmark dellCheck.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id — Enterprise HealthCWE-79 4.3 Medium2025-09-29
CVE-2025-35030 Medical Informatics Engineering Enterprise Health cross site request forgery — Enterprise HealthCWE-352 8.1 High2025-09-29
CVE-2025-41252 Username enumeration vulnerability — NSXCWE-203 7.5 High2025-09-29

Vulnerabilities classified as access:pre-auth represent 18842 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.