Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18875

18875 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-20511 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability — Cisco Unified Communications ManagerCWE-79 6.1 Medium2024-11-06
CVE-2024-20484 Cisco Enterprise Chat and Email Denial of Service Vulnerability — Cisco Enterprise Chat and EmailCWE-20 7.5 High2024-11-06
CVE-2024-20445 Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-200 5.3 Medium2024-11-06
CVE-2024-20371 Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability — Cisco Nexus 3550 System SoftwareCWE-264 5.3 Medium2024-11-06
CVE-2024-35146 IBM Maximo Application Suite cross-site scripting — Maximo Application SuiteCWE-79 5.4 Medium2024-11-06
CVE-2024-8615 WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload — JobSearch WP Job BoardCWE-434 10.0 Critical2024-11-06
CVE-2024-6626 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization — EleForms – All In One Form Integration including DB for ElementorCWE-862 5.3 Medium2024-11-06
CVE-2024-9946 Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider — Social Share, Social Login and Social Comments Plugin – Super SocializerCWE-287 8.1 High2024-11-06
CVE-2024-10020 Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider — Heateor Social Login WordPressCWE-287 8.1 High2024-11-06
CVE-2024-10535 Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion — Video Gallery for WooCommerceCWE-862 5.3 Medium2024-11-06
CVE-2024-10647 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL — WS Form LITE – Drag & Drop Contact Form BuilderCWE-79 6.1 Medium2024-11-06
CVE-2024-48325 Portábilis i-Educar 安全漏洞 — n/a 9.8AICriticalAI2024-11-06
CVE-2024-10028 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log — Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning PluginCWE-922 7.5 High2024-11-05
CVE-2024-47460 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol — HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 9.0 Critical2024-11-05
CVE-2024-42509 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol — HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 9.8 Critical2024-11-05
CVE-2024-51739 Users enumeration allowed through Rest API in Combodo iTop — iTopCWE-200 7.5 High2024-11-05
CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution — Tickera – Sell Tickets & Manage EventsCWE-94 7.3 High2024-11-05
CVE-2024-10687 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & StripeCWE-89 9.8 Critical2024-11-05
CVE-2024-9667 Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter — Seriously Simple PodcastingCWE-79 6.1 Medium2024-11-05
CVE-2024-10114 Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider — WooCommerce - Social LoginCWE-287 8.1 High2024-11-05
CVE-2024-10711 WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update — REPORTiT – Advanced Reporting for WooCommerceCWE-352 8.8 High2024-11-05
CVE-2024-10097 Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider — Loginizer SecurityCWE-287 8.1 High2024-11-05
CVE-2024-9896 BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter — Forumax – AI Powered Advanced Community Forum PluginCWE-79 6.1 Medium2024-11-02
CVE-2024-8739 ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting — ReCaptcha Integration for WordPressCWE-79 6.1 Medium2024-11-02
CVE-2024-41745 IBM CICS TX Standard cross-site scripting — CICS TX StandardCWE-79 6.1 Medium2024-11-01
CVE-2024-10652 CHANGING Information Technology IDExpert - Reflected XSS — IDExpertCWE-79 6.1 Medium2024-11-01
CVE-2024-22733 TP-LINK MR200 安全漏洞 — n/a 7.5AIHighAI2024-11-01
CVE-2024-6479 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL Injection — SIP Reviews Shortcode for WooCommerceCWE-89 6.5 Medium2024-10-31
CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WPGlobus Translate OptionsCWE-352 6.1 Medium2024-10-31
CVE-2024-9430 Get Quote For Woocommerce – Request A Quote For Woocommerce <= 1.0.0 - Missing Authorization to Unauthenticated Quote PDF and CSV Download — Get Quote For Woocommerce – Request A Quote For WoocommerceCWE-306 5.3 Medium2024-10-31

Vulnerabilities classified as access:pre-auth represent 18875 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.