access:pre-auth — CVE vulnerabilities tagged 18853

18853 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-6437	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid — Ads Pro Plugin - Multi-Purpose WordPress Advertising ManagerCWE-89	7.5	High	2025-07-02
CVE-2025-4654	Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion — Soumettre.frCWE-285	3.7	Low	2025-07-02
CVE-2025-5746	Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload — Drag and Drop Multiple File Upload (Pro) - WooCommerceCWE-434	9.8	Critical	2025-07-02
CVE-2025-4380	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion — Ads Pro Plugin - Multi-Purpose WordPress Advertising ManagerCWE-98	8.1	High	2025-07-02
CVE-2025-4381	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection — Ads Pro Plugin - Multi-Purpose WordPress Advertising ManagerCWE-89	7.5	High	2025-07-02
CVE-2025-6459	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate — Ads Pro Plugin - Multi-Purpose WordPress Advertising ManagerCWE-352	8.8	High	2025-07-02
CVE-2025-4689	Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution — Ads Pro Plugin - Multi-Purpose WordPress Advertising ManagerCWE-98	9.8	Critical	2025-07-02
CVE-2025-45424	Xinference 安全漏洞 — n/a	9.8^AI	Critical^AI	2025-07-02
CVE-2025-34081	CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info — CONPROSYS HMI System (CHS)CWE-215	5.3^AI	Medium^AI	2025-07-01
CVE-2025-34059	Dahua Smart Cloud Gateway Registration Management Platform SQL Injection — Smart Cloud Gateway Registration Management PlatformCWE-89	9.1^AI	Critical^AI	2025-07-01
CVE-2025-34065	AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path — IP camera, DVR, and NVR DevicesCWE-290	9.8^AI	Critical^AI	2025-07-01
CVE-2025-34054	AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection — IP camera, DVR, and NVR DevicesCWE-78	9.8^AI	Critical^AI	2025-07-01
CVE-2025-34051	AVTECH DVR Devices Server-Side Request Forgery — DVR devicesCWE-918	9.1^AI	Critical^AI	2025-07-01
CVE-2025-37097	HPE Insight Remote Support 安全漏洞 — Insight Remote Support	7.5^AI	High^AI	2025-07-01
CVE-2025-36582	Dell NetWorker 安全漏洞 — NetWorkerCWE-757	4.8	Medium	2025-07-01
CVE-2025-5314	Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' — Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewerCWE-79	6.1	Medium	2025-07-01
CVE-2025-41648	Pilz: Authentication Bypass in IndustrialPI Webstatus — IndustrialPI 4 with IndustrialPI webstatusCWE-704	9.8	Critical	2025-07-01
CVE-2025-41656	Pilz: Missing Authentication in Node-RED integration — IndustrialPI 4 with Firmware BullseyeCWE-306	10.0	Critical	2025-07-01
CVE-2025-6934	Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' — Opal Estate Pro – Property Management and SubmissionCWE-269	9.8	Critical	2025-07-01
CVE-2025-5937	MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset — MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, WalletCWE-352	4.3	Medium	2025-06-28
CVE-2025-5304	PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function — PT Project Notebooks – Take Meeting minutes, create budgets, track task management, and moreCWE-862	9.8	Critical	2025-06-28
CVE-2025-5310	Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function — ProGauge MagLink LX 4CWE-306	9.8	Critical	2025-06-27
CVE-2025-6522	TrendMakers Sight Bulb Pro Command Injection — Sight Bulb Pro Firmware ZJ_CG32-2201CWE-77	5.4	Medium	2025-06-27
CVE-2025-53091	WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter — WeGIACWE-89	9.8^AI	Critical^AI	2025-06-27
CVE-2024-12827	DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset — DWT - Directory & Listing WordPress ThemeCWE-620	9.8	Critical	2025-06-27
CVE-2025-2940	Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery — Ninja Tables – Easy Data Table BuilderCWE-918	7.2	High	2025-06-27
CVE-2025-6688	Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin — Simple PaymentCWE-288	9.8	Critical	2025-06-27
CVE-2025-5936	VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync — VR CalendarCWE-352	4.3	Medium	2025-06-27
CVE-2025-3699	Mitsubishi Electric多款产品访问控制错误漏洞 — G-50CWE-306	9.8	Critical	2025-06-26
CVE-2025-52477	Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow — appCWE-918	8.6	High	2025-06-26

Vulnerabilities classified as access:pre-auth represent 18853 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18853