Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18853

18853 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-30184 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel — 011209 SIP Emergency IntercomCWE-288 9.8 Critical2025-06-09
CVE-2025-5893 Honding Technology Smart Parking Management System - Exposure of Sensitive Information — Smart Parking Management SystemCWE-497 9.8 Critical2025-06-09
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication — Quantenna Wi-Fi chipsetCWE-306 9.1 Critical2025-06-08
CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter — Social Sharing Plugin – Sassy Social ShareCWE-79 6.1 Medium2025-06-07
CVE-2025-5303 LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter — LTL Freight Quotes – Freightview EditionCWE-79 7.2 High2025-06-07
CVE-2025-5814 Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration — Profiler – What Slowing Down Your WPCWE-862 5.3 Medium2025-06-07
CVE-2025-49127 Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration — kafka-uiCWE-502 9.8AICriticalAI2025-06-06
CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification — corednsCWE-770 7.5 High2025-06-06
CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset — WP Email DebugCWE-862 9.8 Critical2025-06-06
CVE-2025-2935 Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions — Stop Spammers ClassicCWE-352 5.4 Medium2025-06-06
CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function — WP Online Users StatsCWE-352 6.1 Medium2025-06-06
CVE-2025-5019 Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function — Hive Support | AI-Powered Help Desk, Live Chat and ChatbotCWE-352 5.4 Medium2025-06-06
CVE-2025-5733 Modern Events Calendar <= 7.21.9 - Information Exposure — Modern Events Calendar LiteCWE-201 5.3 Medium2025-06-06
CVE-2025-5701 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update — HyperCommentsCWE-862 8.8 High2025-06-05
CVE-2025-20286 ISE on AWS Static Credential — Cisco Identity Services Engine SoftwareCWE-259 9.9 Critical2025-06-04
CVE-2025-20275 Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability — Cisco Unified Contact Center ExpressCWE-502 5.3 Medium2025-06-04
CVE-2025-20273 Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability — Cisco Unified Intelligent Contact Management EnterpriseCWE-79 6.1 Medium2025-06-04
CVE-2025-20163 Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability — Cisco Data Center Network ManagerCWE-322 8.7 High2025-06-04
CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability — Cisco SocialMinerCWE-200 4.3 Medium2025-06-04
CVE-2018-25112 PHOENIX CONTACT: ILC 1x1 ETH Denial of Service — ILC 131CWE-770 7.5 High2025-06-04
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi — File Provider 9.8AICriticalAI2025-06-04
CVE-2025-48710 kro(Kube Resource Orchestrator) 安全漏洞 — kroCWE-441 4.1 Medium2025-06-04
CVE-2025-24015 Deno's AES GCM authentication tags are not verified — denoCWE-347 9.8AICriticalAI2025-06-03
CVE-2025-25022 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure — QRadar Suite SoftwareCWE-260 9.6 Critical2025-06-03
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function — Shared Files – Frontend File Upload Form & Secure File SharingCWE-79 7.2 High2025-06-03
CVE-2025-41428 Keiyo System TimeWorks 路径遍历漏洞 — TimeWorksCWE-22 5.3AIMediumAI2025-06-03
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS — FancyBox for WordPress 6.1AIMediumAI2025-06-03
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover — Golo - City Travel Guide WordPress ThemeCWE-288 9.8 Critical2025-06-03
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution — Ninja Tables – Easy Data Table BuilderCWE-502 5.6 Medium2025-06-03
CVE-2025-32105 Sangoma IMG2020 HTTP server 安全漏洞 — n/a 9.8AICriticalAI2025-06-03

Vulnerabilities classified as access:pre-auth represent 18853 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.