access:pre-auth — CVE vulnerabilities tagged 18843

18843 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-20159	Cisco IOS XR Software Management Interface ACL Bypass Vulnerability — Cisco IOS XR SoftwareCWE-284	5.3	Medium	2025-09-10
CVE-2025-9943	Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider — Service ProviderCWE-89	9.1^AI	Critical^AI	2025-09-10
CVE-2025-9622	WP Blast \| SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing — WP Blast \| SEO & Performance BoosterCWE-352	4.3	Medium	2025-09-10
CVE-2025-9888	Maspik <= 2.5.6 - Cross-Site Request Forgery — Maspik – Ultimate Spam ProtectionCWE-352	4.3	Medium	2025-09-10
CVE-2025-55976	Intelbras IWR 3000N 安全漏洞 — n/a	5.5^AI	Medium^AI	2025-09-10
CVE-2025-58135	Zoom Workplace Clients for Windows - Improper Action Enforcement — Zoom Workplace Clients for WindowsCWE-837	5.3	Medium	2025-09-09
CVE-2025-49461	Zoom Workplace Clients - Cross-site Scripting — Zoom Workplace ClientsCWE-79	4.3	Medium	2025-09-09
CVE-2025-49460	Zoom Workplace Clients - Argument Injection — Zoom Workplace ClientsCWE-400	4.3	Medium	2025-09-09
CVE-2025-58462	OPEXUS FOIAXpress PAL SQL injection — FOIAXpress Public Access Link (PAL)CWE-89	9.8	Critical	2025-09-09
CVE-2025-7635	Calix GigaCenter ONT - Unauthenticated Telnet — GigaCenter ONTCWE-306	9.8^AI	Critical^AI	2025-09-09
CVE-2025-58761	Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` — TautulliCWE-27	8.6	High	2025-09-09
CVE-2025-58760	Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint — TautulliCWE-23	8.6	High	2025-09-09
CVE-2025-53796	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability — Windows Server 2008 R2 Service Pack 1CWE-126	6.5	Medium	2025-09-09
CVE-2025-55143	Ivanti多款产品跨站脚本漏洞 — Connect SecureCWE-79	6.1	Medium	2025-09-09
CVE-2025-55147	Ivanti多款产品跨站请求伪造漏洞 — Connect SecureCWE-352	8.8	High	2025-09-09
CVE-2025-8711	Ivanti多款产品跨站请求伪造漏洞 — Connect SecureCWE-352	5.4	Medium	2025-09-09
CVE-2025-9872	Ivanti Endpoint Manager 安全漏洞 — Endpoint ManagerCWE-434	8.8	High	2025-09-09
CVE-2025-9712	Ivanti Endpoint Manager 安全漏洞 — Endpoint ManagerCWE-434	8.8	High	2025-09-09
CVE-2025-10183	XML External Entity Injection in TecConnect 4.1 — TecConnectCWE-611	9.1	Critical	2025-09-09
CVE-2025-7350	Rockwell Automation Stratix® IOS Cross-Site Request Forgery to Code Execution Vulnerability — Stratix IOSCWE-74	9.8^AI	Critical^AI	2025-09-09
CVE-2025-41701	Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering — TE1000 \| TwinCAT 3 EnineeringCWE-502	7.8	High	2025-09-09
CVE-2025-40803	Siemens RUGGEDCOM RST2428P 信息泄露漏洞 — RUGGEDCOM RST2428PCWE-200	3.1	Low	2025-09-09
CVE-2025-40798	Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125	7.5	High	2025-09-09
CVE-2025-40797	Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125	7.5	High	2025-09-09
CVE-2025-40796	Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125	7.5	High	2025-09-09
CVE-2025-40795	Siemens SIMATIC PCS neo 安全漏洞 — SIMATIC PCS neo V4.1CWE-121	9.8	Critical	2025-09-09
CVE-2025-10134	Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Goza - Nonprofit Charity WordPress ThemeCWE-73	9.1	Critical	2025-09-09
CVE-2025-10123	D-Link DIR-823X set_static_leases sub_415028 command injection — DIR-823XCWE-77	7.3	High	2025-09-09
CVE-2025-42944	Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) — SAP Netweaver (RMI-P4)CWE-502	10.0	Critical	2025-09-09
CVE-2025-42938	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform — SAP NetWeaver ABAP PlatformCWE-79	6.1	Medium	2025-09-09

Vulnerabilities classified as access:pre-auth represent 18843 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18843