Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18853

18853 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-32106 AudioCodes Audiocodes Mediapack MP-11x 安全漏洞 — n/a 9.8AICriticalAI2025-06-03
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint — issuesCWE-201 5.3 Medium2025-06-02
CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services — WSO2 Identity Server as Key ManagerCWE-918 6.5 Medium2025-06-02
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability — FroxlorCWE-79 5.5 Medium2025-06-02
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure — eaSYNC Booking – Hotels, Restaurants & Car RentalsCWE-639 5.3 Medium2025-05-31
CVE-2025-4631 Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint — The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales AnalysisCWE-285 9.8 Critical2025-05-31
CVE-2025-4607 PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function — PSW Front-end Login & RegistrationCWE-330 9.8 Critical2025-05-31
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights — Relevanssi PremiumCWE-79 4.7 Medium2025-05-31
CVE-2025-5142 Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters — Simple Page Access RestrictionCWE-352 6.5 Medium2025-05-30
CVE-2025-4633 Default Credentials — AirpointerCWE-798 6.5 Medium2025-05-30
CVE-2025-47697 Uchida Yoko wivia 安全漏洞 — wivia 5CWE-602 9.8AICriticalAI2025-05-30
CVE-2025-48889 Gradio Allows Unauthorized File Copy via Path Manipulation — gradioCWE-434 5.3 Medium2025-05-30
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure — Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja FormsCWE-200 5.3 Medium2025-05-30
CVE-2025-44619 Tinxy WiFi Lock Controller v1 RF 安全漏洞 — n/a 8.1AIHighAI2025-05-30
CVE-2025-48757 Lovable 安全漏洞 — LovableCWE-863 9.3 Critical2025-05-30
CVE-2025-4967 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-918 9.1 Critical2025-05-29
CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure — NetFax ServerCWE-201 7.5AIHighAI2025-05-29
CVE-2025-3755 Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-1285 9.1 Critical2025-05-29
CVE-2024-54952 MikroTik RouterOS 安全漏洞 — n/a 7.5AIHighAI2025-05-29
CVE-2024-47057 User name enumeration possible due to response time difference on password reset form — MauticCWE-203 5.3 Medium2025-05-28
CVE-2024-47056 Mautic does not shield .env files from web traffic — MauticCWE-312 5.1 Medium2025-05-28
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure — MauticCWE-1284 6.5 Medium2025-05-28
CVE-2025-5287 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection — Likes and Dislikes PluginCWE-89 7.5 High2025-05-28
CVE-2025-47294 Fortinet FortiOS 输入验证错误漏洞 — FortiOSCWE-190 4.8 Medium2025-05-28
CVE-2025-47295 Fortinet FortiOS 安全漏洞 — FortiOSCWE-126 3.4 Low2025-05-28
CVE-2025-5082 WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter — WP AttachmentsCWE-79 6.1 Medium2025-05-28
CVE-2025-4009 Unauthenticated Arbitrary Command Injection in Evertz SDVN — 3080ipx-10GCWE-77 9.8AICriticalAI2025-05-28
CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass — NetAlertXCWE-306 10.0 Critical2025-05-27
CVE-2024-13966 ZKTeco BioTime default password — BioTimeCWE-1393 7.3 High2025-05-27
CVE-2025-41653 Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches — IE-SW-VL05M-5TXCWE-410 7.5 High2025-05-27

Vulnerabilities classified as access:pre-auth represent 18853 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.