access:pre-auth — 18853 tagged CVE vulnerabilities

18853 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-53645 | Zimbra Collaboration Suite security vulnerability | n/a | | 7.5 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-4855 | Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key | Support Board | CWE-639 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification | WCFM – Frontend Manager for WooCommerce | CWE-862 | 6.5 | Medium | 2025-07-08 |
| CVE-2025-4828 | Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion | Support Board | CWE-22 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-49542 | ColdFusion \| Cross-site Scripting (Reflected XSS) (CWE-79) | ColdFusion | CWE-79 | 5.2 | Medium | 2025-07-08 |
| CVE-2025-3648 | Data Inference in Now Platform via Conditional ACLs | Now Platform | CWE-1220 | 5.3 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2024-55599 | Fortinet FortiOS and Fortinet FortiProxy security feature issue vulnerability | FortiOS | CWE-358 | 4.9 | Medium | 2025-07-08 |
| CVE-2025-40736 | Siemens SINEC NMS access control error vulnerability | SINEC NMS | CWE-306 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-40735 | Siemens SINEC NMS SQL injection vulnerability | SINEC NMS | CWE-89 | 8.8 | High | 2025-07-08 |
| CVE-2025-6744 | Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution | Woodmart | CWE-94 | 7.3 | High | 2025-07-08 |
| CVE-2025-7346 | pyLoad security vulnerability | Pyload | CWE-281 | 6.2 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-25271 | OCPP Backend Configuration via Insecure Defaults | CHARX SEC-3150 | CWE-1188 | 8.8 | High | 2025-07-08 |
| CVE-2025-25270 | Remote Code Execution via Unauthenticated Configuration Manipulation | CHARX SEC-3150 | CWE-913 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-25269 | Local Privilege Escalation via Unauthenticated Command Injection | CHARX SEC-3150 | CWE-78 | 8.4 | High | 2025-07-08 |
| CVE-2025-25268 | Unauthenticated Configuration Access via Exposed API Endpoint | CHARX SEC-3150 | CWE-306 | 8.8 | High | 2025-07-08 |
| CVE-2025-24003 | MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations | CHARX SEC-3150 | CWE-120 | 8.2 | High | 2025-07-08 |
| CVE-2025-24002 | MQTT DoS Vulnerability in German EV Charging Stations | CHARX SEC-3150 | CWE-20 | 5.3 | Medium | 2025-07-08 |
| CVE-2025-42956 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-79 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-5957 | Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion | Guest Support | CWE-862 | 5.3 | Medium | 2025-07-08 |
| CVE-2025-7146 | Jhenggao iPublish System - Arbitrary File Reading through Path Traversal | iPublish System | CWE-23 | 7.5 | High | 2025-07-08 |
| CVE-2025-42981 | Multiple vulnerabilities in SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP | CWE-601 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42969 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform | CWE-79 | 6.1 | Medium | 2025-07-08 |
| CVE-2025-42959 | Missing Authentication check after implementation of SAP Security Note 3007182 and 3537476 | SAP NetWeaver ABAP Server and ABAP Platform | CWE-308 | 8.1 | High | 2025-07-08 |
| CVE-2025-20322 | Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk Enterprise | CWE-352 | 4.3 | Medium | 2025-07-07 |
| CVE-2025-20321 | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk Enterprise | CWE-352 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-53529 | WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter) | WeGIA | CWE-89 | 9.8 | Critical | 2025-07-07 |
| CVE-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | redis | CWE-770 | 7.5 | High | 2025-07-07 |
| CVE-2025-6803 | Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability | QConvergeConsole | CWE-22 | 7.5 (AI) | High (AI) | 2025-07-07 |
| CVE-2025-4779 | Stored Cross-site Scripting (XSS) in lunary-ai/lunary | lunary-ai/lunary | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-41672 | WAGO: Vulnerability in WAGO Device Sphere | Wago Device Sphere | CWE-1188 | 10.0 | Critical | 2025-07-07 |

18853 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.