access:pre-auth — 18816 tagged CVE vulnerabilities

18816 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | Taqnix | CWE-352 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | Drag and Drop File Upload for Contact Form 7 | CWE-434 | 8.1 | High | 2026-04-24 |
| CVE-2026-6947 | D-Link\|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass | DWM-222W | CWE-307 | 7.5 | High | 2026-04-24 |
| CVE-2026-25775 | SenseLive X3050 Missing authentication for critical function | X3050 | CWE-306 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-35064 | SenseLive X3050 Missing authentication for critical function | X3050 | CWE-306 | 7.5 | High | 2026-04-24 |
| CVE-2026-30368 | Lightspeed Classroom security vulnerability | Lightspeed Classroom | CWE-863 | 5.4 | Medium | 2026-04-24 |
| CVE-2026-41343 | OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency | OpenClaw | CWE-799 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-41342 | OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding | OpenClaw | CWE-346 | 7.3 | High | 2026-04-23 |
| CVE-2026-28525 | SWUpdate Integer Underflow in Multipart Upload Parser | swupdate | CWE-191 | 6.8 | Medium | 2026-04-23 |
| CVE-2026-6376 | Missing authentication for critical function in SpiceJet Online Booking System | Online Booking System | CWE-306 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-6375 | Authorization bypass through User-Controlled key in SpiceJet Online Booking System | Online Booking System | CWE-639 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability | Flowise | CWE-184 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41265 | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability | Flowise | CWE-77 | 9.6 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41279 | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | Flowise | CWE-639 | 8.2 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-25874 | LeRobot Unsafe Deserialization Remote Code Execution via gRPC | LeRobot | CWE-502 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41273 | Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow | Flowise | CWE-306 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41271 | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains | Flowise | CWE-918 | 8.6 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41268 | Flowise: Flowise Parameter Override Bypass Remote Command Execution | Flowise | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41267 | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | Flowise | CWE-639 | 8.1 | High | 2026-04-23 |
| CVE-2026-6074 | Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) | 911 Emergency Gateway | CWE-35 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-40471 | Hackage CSRF vulnerability | | CWE-352 | 9.6 | Critical | 2026-04-23 |
| CVE-2026-23751 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting | Kofax Capture | CWE-306 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-35225 | Improper timeout handling in CODESYS EtherNetIP | CODESYS EtherNetIP | CWE-754 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41460 | SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall | SocialEngine | CWE-89 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6903 | Path Traversal Vulnerability in LabOne User Interface | LabOne | CWE-22 | 7.5 | High | 2026-04-23 |
| CVE-2026-6887 | BorG Technology Corporation\|Borg SPM 2007 - SQL Injection | Borg SPM 2007 | CWE-89 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6886 | BorG Technology Corporation\|Borg SPM 2007 - Authentication Bypass | Borg SPM 2007 | CWE-1390 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6885 | BorG Technology Corporation\|Borg SPM 2007 - Arbitrary File Upload | Borg SPM 2007 | CWE-434 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-3960 | Remote Code Execution in h2oai/h2o-3 | h2oai/h2o-3 | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-04-23 |

18816 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.