Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18853

18853 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — WP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareCWE-862 7.5 High2025-06-13
CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update — Traffic MonitorCWE-862 5.3 Medium2025-06-13
CVE-2025-5928 WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update — WP Sliding Login/Dashboard PanelCWE-352 4.3 Medium2025-06-13
CVE-2025-5938 Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import — Digital Marketing and Agency Templates Addons for ElementorCWE-352 5.3 Medium2025-06-13
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update — WP2HTMLCWE-352 4.3 Medium2025-06-13
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Link ShieldCWE-352 6.1 Medium2025-06-13
CVE-2025-5288 REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function — REST API | Custom API Generator For Cross Platform And Import Export In WPCWE-862 9.8 Critical2025-06-13
CVE-2025-6003 WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure — WordPress Single Sign-On (SSO) - Single Site StandardCWE-863 5.3 Medium2025-06-12
CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' — WorkreapCWE-288 9.8 Critical2025-06-12
CVE-2025-46035 Tenda AC6 安全漏洞 — n/a 7.5AIHighAI2025-06-12
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' — Xagio SEO – AI Powered SEOCWE-79 7.2 High2025-06-11
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection — IE-SR-2TX-WLCWE-78 9.8 Critical2025-06-11
CVE-2025-41661 Weidmueller: Security routers IE-SR-2TX are affected by CSRF — IE-SR-2TX-WLCWE-352 8.8 High2025-06-11
CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key — ArchiverCWE-798 8.1 High2025-06-10
CVE-2025-2474 Vulnerability in PCX Image Codec Impacts QNX Software Development Platform — QNX Software Development Platform (SDP)CWE-787 9.8 Critical2025-06-10
CVE-2025-36574 Dell Wyse Management Suite WMS 安全漏洞 — Wyse Management SuiteCWE-36 8.2 High2025-06-10
CVE-2025-36575 Dell Wyse Management Suite WMS 安全漏洞 — Wyse Management SuiteCWE-202 7.5 High2025-06-10
CVE-2024-50568 Fortinet FortiOS 安全漏洞 — FortiOSCWE-300 5.6 Medium2025-06-10
CVE-2024-32119 Fortinet FortiClientEMS 安全漏洞 — FortiClientEMSCWE-1390 4.6 Medium2025-06-10
CVE-2025-22251 Fortinet FortiOS 安全漏洞 — FortiOSCWE-923 3.0 Low2025-06-10
CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request — OctoPrintCWE-140 6.5 Medium2025-06-10
CVE-2025-41657 AUMA: Incorrect delivery status of the Bluetooth configuration — AC1.2CWE-207 4.3 Medium2025-06-10
CVE-2025-4840 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection — inprosysmedia-likes-dislikes-post 9.8AICriticalAI2025-06-10
CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update — Bunny’s Print CSSCWE-352 4.3 Medium2025-06-10
CVE-2025-42988 Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform — SAP Business Objects Business Intelligence PlatformCWE-918 3.7 Low2025-06-10
CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation) — SAP NetWeaver (ABAP Keyword Documentation)CWE-79 5.8 Medium2025-06-10
CVE-2025-23192 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace) — SAP BusinessObjects Business Intelligence (BI Workspace)CWE-79 8.2 High2025-06-10
CVE-2024-57186 erxes 安全漏洞 — n/a 7.5AIHighAI2025-06-10
CVE-2025-30507 CyberData 011209 SIP Emergency Intercom SQL Injection — 011209 SIP Emergency IntercomCWE-89 5.3 Medium2025-06-09
CVE-2025-26468 CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function — 011209 SIP Emergency IntercomCWE-306 7.5 High2025-06-09

Vulnerabilities classified as access:pre-auth represent 18853 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.