Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18867

18867 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-21593 Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash — Junos OSCWE-664 6.5 Medium2025-01-09
CVE-2024-11642 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion — Post Grid Master — Post Grids & AJAX FiltersCWE-22 9.8 Critical2025-01-09
CVE-2024-12394 Action Network <= 1.4.4 - Reflected Cross-Site Scripting — Action NetworkCWE-79 6.1 Medium2025-01-09
CVE-2024-12542 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure — linkIDCWE-862 8.6 High2025-01-09
CVE-2024-11686 WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting — WhatsApp 🚀 click to chatCWE-79 6.1 Medium2025-01-09
CVE-2024-11815 Pósturinn\'s Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting — Pósturinn\'s Shipping with WooCommerceCWE-79 6.1 Medium2025-01-09
CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting — CLUEVO LMS, E-Learning PlatformCWE-79 6.1 Medium2025-01-09
CVE-2024-12218 Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Woocommerce check pincode/zipcode for shippingCWE-352 6.1 Medium2025-01-09
CVE-2024-12605 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update — Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & AnthropicCWE-352 4.3 Medium2025-01-09
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion — Pearl – Header BuilderCWE-352 4.3 Medium2025-01-09
CVE-2024-12222 Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter — Deliver via Shipos for WooCommerceCWE-79 6.1 Medium2025-01-09
CVE-2024-12285 SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter — SEMA APICWE-79 6.1 Medium2025-01-09
CVE-2024-12330 WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure — WP Database Backup – Unlimited Database & Files Backup by Backup for WPCWE-530 7.5 High2025-01-09
CVE-2024-12122 ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters — ResAdsCWE-79 6.1 Medium2025-01-09
CVE-2023-28354 Opsview Monitor Agent 安全漏洞 — n/a 9.8 -2025-01-09
CVE-2025-0282 Ivanti多款产品 安全漏洞 — Connect SecureCWE-121 9.0 Critical2025-01-08
CVE-2024-54010 Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches — AOS-CX 3.4 Low2025-01-08
CVE-2025-20126 Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability — Cisco ThousandEyes Endpoint AgentCWE-295 4.8 Medium2025-01-08
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share — pingvin-shareCWE-20 9.8 Critical2025-01-08
CVE-2024-12337 Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids — Shipping via Planzer for WooCommerceCWE-79 6.1 Medium2025-01-08
CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch — Gift Cards for WooCommerce ProCWE-862 7.5 High2025-01-08
CVE-2024-12712 Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates — Shopping Cart & eCommerce StoreCWE-862 5.3 Medium2025-01-08
CVE-2024-11350 AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover — AdForestCWE-640 9.8 Critical2025-01-08
CVE-2024-11939 Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data — Cost Calculator Builder PROCWE-89 7.5 High2025-01-08
CVE-2024-9939 WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php — Iptanus File UploadCWE-22 7.5 High2025-01-08
CVE-2024-11635 WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution — Iptanus File UploadCWE-94 9.8 Critical2025-01-08
CVE-2024-11613 WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion — Iptanus File UploadCWE-94 9.8 Critical2025-01-08
CVE-2024-10585 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading — InfiniteWP ClientCWE-22 5.3 Medium2025-01-08
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure — SureForms – Contact Form, Payment Form & Other Custom Form BuilderCWE-862 5.3 Medium2025-01-08
CVE-2024-50603 Aviatrix Controller 操作系统命令注入漏洞 — ControllerCWE-78 10.0 Critical2025-01-08

Vulnerabilities classified as access:pre-auth represent 18867 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.