Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18882

18882 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference — eHRD CTMSCWE-639 5.3 Medium2024-10-28
CVE-2024-10438 Sunnet eHRD CTMS - Authentication Bypass — eHRD CTMSCWE-288 7.5 High2024-10-28
CVE-2024-9501 Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider — Wp Social Login and Register Social CounterCWE-288 9.8 Critical2024-10-26
CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution — Uix ShortcodesCWE-94 7.3 High2024-10-26
CVE-2024-8870 Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.7 - Reflected Cross-Site Scripting — Forms for Mailchimp by Optin Cat – Grow Your MailChimp ListCWE-79 6.1 Medium2024-10-26
CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting — FormFacade – Embed Google Forms in your websiteCWE-79 6.1 Medium2024-10-26
CVE-2024-9930 Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass — Extensions by HocWP TeamCWE-288 9.8 Critical2024-10-26
CVE-2024-9932 Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload — Wux Blog EditorCWE-434 9.8 Critical2024-10-26
CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check — WatchTowerHQCWE-288 9.8 Critical2024-10-26
CVE-2024-9931 Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator — Wux Blog EditorCWE-288 9.8 Critical2024-10-26
CVE-2024-47483 Dell Data Lakehouse SQL注入漏洞 — Data LakehouseCWE-89 2.9 Low2024-10-25
CVE-2024-47481 Dell Data Lakehouse 访问控制错误漏洞 — Dell Data LakehouseCWE-284 6.5 Medium2024-10-25
CVE-2024-9598 AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation — AMP for WP – Accelerated Mobile PagesCWE-352 8.8 High2024-10-25
CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure — WPS Telegram ChatCWE-862 5.4 Medium2024-10-25
CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting — 10Web Social Post FeedCWE-79 6.1 Medium2024-10-25
CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP — App Builder – Create Native Android & iOS Apps On The FlightCWE-640 8.1 High2024-10-25
CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider — Comments – wpDiscuzCWE-288 9.8 Critical2024-10-25
CVE-2024-9686 Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message — Order Notification for TelegramCWE-862 5.3 Medium2024-10-25
CVE-2024-48932 ZimaOS Unauthenticated API Discloses Usernames — ZimaOSCWE-284 5.3 Medium2024-10-24
CVE-2024-9692 Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus — VHF/FM Transmitter Blue PlusCWE-284 7.5AIHighAI2024-10-24
CVE-2024-9214 Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting — Extra Product Options Builder for WooCommerceCWE-79 6.1 Medium2024-10-24
CVE-2024-8717 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting — Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewerCWE-79 6.1 Medium2024-10-24
CVE-2024-6049 Unauthenticated Path Traversal — vsm LTC Time Sync (vTimeSync)CWE-32 7.5AIHighAI2024-10-24
CVE-2024-9943 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-352 6.3 Medium2024-10-24
CVE-2024-9864 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting — EventPrime – Events Calendar, Bookings and TicketsCWE-79 6.1 Medium2024-10-24
CVE-2024-9865 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log — EventPrime – Events Calendar, Bookings and TicketsCWE-79 6.1 Medium2024-10-24
CVE-2024-9374 Terms descriptions <= 3.4.6 - Reflected Cross-Site Scripting — Terms descriptionsCWE-79 6.1 Medium2024-10-24
CVE-2024-41617 Money Manager EX WebApp 安全漏洞 — n/a 8.8AIHighAI2024-10-24
CVE-2024-48442 Tuoshi NR500-EA 安全漏洞 — n/a 9.1AICriticalAI2024-10-24
CVE-2024-20526 Cisco Adaptive Security Appliance 安全漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-400 5.3 Medium2024-10-23

Vulnerabilities classified as access:pre-auth represent 18882 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.