Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18817

18817 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-2696 Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure — Export All URLs 7.5AIHighAI2026-04-01
CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass — Order Notification for WooCommerce 9.1AICriticalAI2026-04-01
CVE-2025-67805 Sage DPW 安全漏洞 — n/a 5.9 Medium2026-04-01
CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated ) — siyuanCWE-79 6.1 -2026-03-31
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content — siyuanCWE-863 7.5 High2026-03-31
CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard — AVideoCWE-284 6.5 Medium2026-03-31
CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints — AVideoCWE-306 5.3 Medium2026-03-31
CVE-2026-34731 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php — AVideoCWE-306 7.5 High2026-03-31
CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess — admidioCWE-284 7.5 High2026-03-31
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function — AutopilotCWE-306 9.8 Critical2026-03-31
CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft — org.hl7.fhir.coreCWE-552 9.3 Critical2026-03-31
CVE-2026-34360 HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing — org.hl7.fhir.coreCWE-918 5.8 Medium2026-03-31
CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification — joseCWE-347 7.5 High2026-03-31
CVE-2026-34227 Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface — sliverCWE-306 8.8AIHighAI2026-03-31
CVE-2026-34573 Parse Server: GraphQL complexity validator exponential fragment traversal DoS — parse-serverCWE-407 7.5AIHighAI2026-03-31
CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal — parse-serverCWE-863 9.1AICriticalAI2026-03-31
CVE-2026-34202 Zebra node crash — V5 transaction hash panic (P2P reachable) — zebraCWE-1336 7.5AIHighAI2026-03-31
CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI — Query MonitorCWE-79 7.2 High2026-03-31
CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update — Minify HTMLCWE-352 5.4 Medium2026-03-31
CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes — OpenClawCWE-266 9.4 Critical2026-03-31
CVE-2026-3881 Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF — Performance Monitor 9.1AICriticalAI2026-03-31
CVE-2026-1877 Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page — Auto Post SchedulerCWE-79 6.1 Medium2026-03-31
CVE-2026-4146 Loco Translate <= 2.8.2 - Reflected Cross-Site Scripting via 'update_href' Parameter — Loco TranslateCWE-79 6.1 Medium2026-03-31
CVE-2026-1710 WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax — WooPayments: Integrated WooCommerce PaymentsCWE-285 6.5 Medium2026-03-31
CVE-2026-1797 Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files — TrueBooker – Appointment Booking and Scheduler SystemCWE-862 5.3 Medium2026-03-31
CVE-2026-3300 Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field — Everest Forms ProCWE-94 9.8 Critical2026-03-31
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API — Gravity SMTPCWE-200 7.5 High2026-03-31
CVE-2026-30878 baserCMS: Mail Form Acceptance Bypass via Public API — basercmsCWE-285 5.3 Medium2026-03-31
CVE-2026-5130 Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation — Debugger & TroubleshooterCWE-565 8.8 High2026-03-30
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality — Contact Form by SupsysticCWE-94 9.8 Critical2026-03-30

Vulnerabilities classified as access:pre-auth represent 18817 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.