access:pre-auth — CVE vulnerabilities tagged 18853

18853 CVE security advisories tagged "access:pre-auth", with AI-generated Chinese analysis, CVSS scores, references and PoCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-25037 | Aquatronica Controller System Complete Information Disclosure — Aquatronica Controller System (CWE-200) | 9.8 (AI) | Critical (AI) | 2025-06-20 |
| CVE-2025-25034 | SugarCRM PHP Deserialization RCE — SugarCRM (CWE-502) | 9.8 (AI) | Critical (AI) | 2025-06-20 |
| CVE-2024-53298 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS (CWE-862) | 9.8 | Critical | 2025-06-20 |
| CVE-2025-44203 | Hoteldruid security vulnerability — n/a | 9.1 (AI) | Critical (AI) | 2025-06-20 |
| CVE-2025-50201 | WeGIA OS Command Injection in debug_info.php parameter 'branch' — WeGIA (CWE-78) | 9.8 | Critical | 2025-06-19 |
| CVE-2025-20260 | ClamAV PDF Scanning Buffer Overflow Vulnerability — ClamAV (CWE-122) | 9.8 | Critical | 2025-06-18 |
| CVE-2025-20271 | Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability — Cisco Meraki MX Firmware (CWE-457) | 8.6 | High | 2025-06-18 |
| CVE-2025-20234 | ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — Cisco Secure Endpoint (CWE-125) | 5.3 | Medium | 2025-06-18 |
| CVE-2025-4821 | Incorrect congestion window growth by invalid ACK ranges — quiche (CWE-770) | 7.5 | High | 2025-06-18 |
| CVE-2025-4820 | Incorrect congestion window growth by optimistic ACK — quiche (CWE-770) | 5.3 | Medium | 2025-06-18 |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation — FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce (CWE-862) | 9.8 | Critical | 2025-06-18 |
| CVE-2025-26198 | CloudClassroom-PHP-Project security vulnerability — n/a | 9.8 (AI) | Critical (AI) | 2025-06-18 |
| CVE-2025-34509 | Sitecore XM and XP Hardcoded Credentials — Experience Manager (CWE-798) | 7.5 | High | 2025-06-17 |
| CVE-2025-3515 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks — Drag and Drop Multiple File Upload for Contact Form 7 (CWE-434) | 8.1 | High | 2025-06-17 |
| CVE-2025-3774 | Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header — Wise Chat (CWE-79) | 7.2 | High | 2025-06-17 |
| CVE-2025-6087 | SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint (CWE-918) | 9.1 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-5689 | Improper Permission Management in SSH Session Handling — authd | 8.5 | High | 2025-06-16 |
| CVE-2025-25264 | Overly Permissive CORS Policy in WAGO Device Manager — CC100 0751-9x01 (CWE-942) | 6.5 | Medium | 2025-06-16 |
| CVE-2025-6169 | HAMASTAR Technology WIMP website co-construction management platform - SQL Injection — WIMP (CWE-89) | 9.8 | Critical | 2025-06-16 |
| CVE-2025-6063 | XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting — XiSearch bar (CWE-352) | 6.1 | Medium | 2025-06-14 |
| CVE-2025-6062 | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update — Yougler Blogger Profile Page (CWE-352) | 4.3 | Medium | 2025-06-14 |
| CVE-2025-4592 | AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update — AI Image Lab – Free AI Image Generator (CWE-352) | 4.3 | Medium | 2025-06-14 |
| CVE-2025-4200 | Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion — Zagg - Electronics & Accessories WooCommerce WordPress Theme (CWE-98) | 8.1 | High | 2025-06-14 |
| CVE-2025-6055 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Zen Sticky Social (CWE-352) | 6.1 | Medium | 2025-06-14 |
| CVE-2025-4187 | UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read — UserPro - Community and User Profile WordPress Plugin (CWE-22) | 5.9 | Medium | 2025-06-14 |
| CVE-2025-6040 | Easy Flashcards <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Easy Flashcards (CWE-79) | 6.1 | Medium | 2025-06-14 |
| CVE-2025-6064 | WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WP URL Shortener (CWE-352) | 6.1 | Medium | 2025-06-14 |
| CVE-2025-6065 | Image Resizer On The Fly <= 1.1 - Unauthenticated Arbitrary File Deletion — Image Resizer On The Fly (CWE-22) | 9.1 | Critical | 2025-06-14 |
| CVE-2025-6059 | Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions — Seraphinite Accelerator (CWE-352) | 4.3 | Medium | 2025-06-14 |
| CVE-2025-49596 | MCP Inspector proxy server lacks authentication between the Inspector client and proxy — inspector (CWE-306) | 9.8 (AI) | Critical (AI) | 2025-06-13 |

Vulnerabilities classified as access:pre-auth represent 18853 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.