Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18842

18842 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-57432 Blackmagic Design Web Presenter 安全漏洞 — n/a 6.5AIMediumAI2025-09-22
CVE-2025-57437 Blackmagic Design Web Presenter HD 安全漏洞 — n/a 5.3AIMediumAI2025-09-22
CVE-2025-57440 Blackmagic Design ATEM Mini Pro 安全漏洞 — n/a 8.8AIHighAI2025-09-22
CVE-2025-57441 Blackmagic Design ATEM Mini Pro 安全漏洞 — n/a 7.5AIHighAI2025-09-22
CVE-2025-10760 Harness lookup_repo.go LookupRepo server-side request forgery — HarnessCWE-918 6.3 Medium2025-09-21
CVE-2025-9883 Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Browser SniffCWE-352 6.1 Medium2025-09-20
CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery — Custom Login And Signup WidgetCWE-352 4.3 Medium2025-09-20
CVE-2025-9882 osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — osTicket WP BridgeCWE-352 6.1 Medium2025-09-20
CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-307 6.5 Medium2025-09-20
CVE-2025-9949 Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery — Internal Links ManagerCWE-352 4.3 Medium2025-09-20
CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page — Crypto Application Server (CAS)CWE-306 9.8 -2025-09-19
CVE-2025-26516 CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) — StorageGRIDCWE-405 5.3 Medium2025-09-19
CVE-2025-34202 Vasion Print (formerly PrinterLogic) Insecure Access to Docker Instances WAN — Print Virtual Appliance HostCWE-291 7.1 -2025-09-19
CVE-2025-26515 CVE-2025-26515 Server-Side Request Forgery Vulnerability in StorageGRID (formerly StorageGRID Webscale) — StorageGRIDCWE-918 7.5 High2025-09-19
CVE-2025-36248 IBM Copy Services Manager cross-site scripting — Copy Services ManagerCWE-79 6.1 Medium2025-09-19
CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation — Miniorange OTP Verification with FirebaseCWE-862 8.1 High2025-09-19
CVE-2025-5948 Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business — Service Finder BookingsCWE-639 9.8 Critical2025-09-19
CVE-2025-5955 Service Finder SMS System <= 2.0.0 - Authentication Bypass — Service Finder SMS SystemCWE-288 8.1 High2025-09-19
CVE-2025-10146 Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter — Download ManagerCWE-79 6.1 Medium2025-09-19
CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation — Goza - Nonprofit Charity WordPress ThemeCWE-862 9.8 Critical2025-09-19
CVE-2025-48703 Control Web Panel 操作系统命令注入漏洞 — CentOS Web PanelCWE-78 9.0 Critical2025-09-19
CVE-2025-57296 Tenda AC6 安全漏洞 — n/a 9.8 -2025-09-19
CVE-2025-47698 Cognex多款产品 安全漏洞 — In-Sight 2000 seriesCWE-319 6.5AIMediumAI2025-09-18
CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password — In-Sight 2000 seriesCWE-259 8.0 High2025-09-18
CVE-2025-10493 Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie — Chained QuizCWE-639 5.3 Medium2025-09-18
CVE-2023-49564 Authentication Bypass — CBIS,NCS 9.1AICriticalAI2025-09-18
CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection — Ninja Forms 9.8AICriticalAI2025-09-18
CVE-2025-55912 ClipBucket 安全漏洞 — n/a 9.8AICriticalAI2025-09-18
CVE-2025-37122 Unauthenticated Reflected Cross-Site Scripting — HPE Aruba Networking ClearPass Policy Manager 6.1 Medium2025-09-17
CVE-2025-59345 Dragonfly did not enable authentication for some Manager’s endpoints — dragonflyCWE-306 9.1AICriticalAI2025-09-17

Vulnerabilities classified as access:pre-auth represent 18842 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.