Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18852

18852 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-7444 LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider — LoginPress ProCWE-288 9.8 Critical2025-07-18
CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion — Listly: Listicles For WordPressCWE-862 5.3 Medium2025-07-18
CVE-2025-7643 Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion — Attachment ManagerCWE-22 9.1 Critical2025-07-18
CVE-2025-6222 WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload — WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User WalletCWE-434 9.8 Critical2025-07-18
CVE-2025-6053 Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Zuppler Online OrderingCWE-352 6.1 Medium2025-07-18
CVE-2025-6781 Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update — Copymatic – AI Content Writer & GeneratorCWE-352 4.3 Medium2025-07-18
CVE-2025-52168 Agorum core open 安全漏洞 — n/a 7.5 -2025-07-18
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration — livewireCWE-94 9.8AICriticalAI2025-07-17
CVE-2025-25257 Fortinet FortiWeb SQL注入漏洞 — FortiWebCWE-89 9.6 Critical2025-07-17
CVE-2025-7735 UNIMAX|Hospital Information System - SQL Injection — Hospital Information SystemCWE-89 7.5 High2025-07-17
CVE-2025-7712 Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion — Madara - CoreCWE-22 9.1 Critical2025-07-17
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution — Bears BackupCWE-94 9.8 Critical2025-07-17
CVE-2025-52046 TOTOLINK A3300R 安全漏洞 — n/a 9.8AICriticalAI2025-07-17
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi — DVR FirmwareCWE-306 9.8AICriticalAI2025-07-16
CVE-2025-34125 D-Link DSP-W110A1 Cookie Command Injection — DSP-W110A1CWE-78 9.8AICriticalAI2025-07-16
CVE-2025-34121 Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE — Up.Time Monitoring StationCWE-434 9.8AICriticalAI2025-07-16
CVE-2025-34120 LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload — LimeSurveyCWE-22 7.5AIHighAI2025-07-16
CVE-2025-34119 EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43 — EasyCafe ServerCWE-668 7.5AIHighAI2025-07-16
CVE-2025-34118 Linknat VOS Manager Path Traversal File Disclosure — VOS ManagerCWE-22 7.5AIHighAI2025-07-16
CVE-2025-34117 Netcore / Netis Routers RCE via UDP Port 53413 Backdoor — Router firmwareCWE-912 9.8AICriticalAI2025-07-16
CVE-2025-20337 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability — Cisco Identity Services Engine SoftwareCWE-74 10.0 Critical2025-07-16
CVE-2025-20288 Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability — Cisco Unified Contact Center ExpressCWE-918 5.8 Medium2025-07-16
CVE-2025-53938 WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints — WeGIACWE-306 9.1AICriticalAI2025-07-16
CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE — Lighthouse StudioCWE-20 9.8AICriticalAI2025-07-16
CVE-2025-7673 Zyxel VMG8825-T50K 安全漏洞 — VMG8825-T50K firmwareCWE-120 9.8 Critical2025-07-16
CVE-2025-7359 Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block — Counter live visitors for WooCommerceCWE-22 8.2 High2025-07-16
CVE-2025-52689 Weak Session ID Check in the OmniAccess Stellar Web Management Interface — OmniAccess Stellar ProductsCWE-384 9.8 Critical2025-07-16
CVE-2025-2800 WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 7.2 High2025-07-16
CVE-2025-6977 ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function — ProfileGrid – User Profiles, Groups and CommunitiesCWE-79 6.1 Medium2025-07-16
CVE-2025-30761 Oracle Java SE 安全漏洞 — Oracle Java SE 5.9 Medium2025-07-15

Vulnerabilities classified as access:pre-auth represent 18852 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.