Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18887

18887 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-47557 Pre-Auth RCE via Path Traversal — FreeFlow CoreCWE-22 8.3 High2024-10-07
CVE-2024-47556 Pre-Auth RCE via Path Traversal — FreeFlow CoreCWE-22 8.3 High2024-10-07
CVE-2024-9161 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete — Rank Math SEO – AI SEO Tools to Dominate SEO RankingsCWE-862 6.5 Medium2024-10-05
CVE-2024-9417 Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload — Hash Form – Drag & Drop Form BuilderCWE-434 6.1 Medium2024-10-05
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting — Themify BuilderCWE-79 6.1 Medium2024-10-05
CVE-2024-38040 BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability — Portal for ArcGISCWE-73 7.5 High2024-10-04
CVE-2024-38038 BUG-000165732 - Reflected XSS in Portal for ArcGIS — Portal for ArcGISCWE-79 6.1 Medium2024-10-04
CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS — Portal for ArcGISCWE-79 6.1 Medium2024-10-04
CVE-2024-38036 BUG-000154827 - Reflected XSS in ArcGIS Experience Builder — Portal for ArcGIS Enterprise Experience BuilderCWE-79 5.4 Medium2024-10-04
CVE-2024-8148 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1) — Portal for ArcGISCWE-601 6.1 Medium2024-10-04
CVE-2024-38037 BUG-000167983 - Unvalidated redirect in Portal for ArcGIS — Portal for ArcGISCWE-601 6.1 Medium2024-10-04
CVE-2024-47769 IDURAR has a Path Traversal (unauthenticated user can read sensitive data) — idurar-erp-crmCWE-22 7.5 High2024-10-04
CVE-2024-8499 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice — Checkout Field Editor (Checkout Manager) for WooCommerceCWE-79 4.7 Medium2024-10-04
CVE-2024-47654 No Rate Limiting vulnerability — Client DashboardCWE-799 9.1 -2024-10-04
CVE-2024-9435 ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting — ShiftController Employee Shift SchedulingCWE-79 6.1 Medium2024-10-04
CVE-2024-9237 Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting — Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping RulesCWE-79 6.1 Medium2024-10-04
CVE-2024-8520 Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership PluginCWE-352 5.3 Medium2024-10-04
CVE-2024-9384 Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting — Price by Quantity & Bulk Quantity Discounts for WooCommerceCWE-79 6.1 Medium2024-10-04
CVE-2024-9375 WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting — WordPress Captcha Plugin by Captcha BankCWE-79 6.1 Medium2024-10-04
CVE-2024-9204 Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting — Smart Custom 404 Error PageCWE-79 6.1 Medium2024-10-04
CVE-2024-9349 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting — Auto Amazon Links – Amazon Associates Affiliate PluginCWE-79 6.1 Medium2024-10-04
CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting — Popularis ExtraCWE-79 6.1 Medium2024-10-04
CVE-2024-9345 Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting — Product Delivery Date for WooCommerce – LiteCWE-79 6.1 Medium2024-10-04
CVE-2024-8802 Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting — Clio Grow FormCWE-79 6.1 Medium2024-10-04
CVE-2023-26770 Jordanknott Taskcafe 安全漏洞 — n/a 7.5 -2024-10-04
CVE-2024-43699 Delta Electronics DIAEnergie SQL Injection — DIAEnergieCWE-89 9.8 Critical2024-10-03
CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter — Opera Plus FM Family TransmitterCWE-306 9.8 -2024-10-03
CVE-2024-41163 Veertu Anka Build 路径遍历漏洞 — Anka BuildCWE-22 7.5 High2024-10-03
CVE-2024-39755 Veertu Anka Build 安全漏洞 — Anka BuildCWE-282 7.8 High2024-10-03
CVE-2024-41922 Veertu Anka Build 路径遍历漏洞 — Anka BuildCWE-22 7.5 High2024-10-03

Vulnerabilities classified as access:pre-auth represent 18887 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.