access:pre-auth — CVE vulnerabilities tagged 18887

18887 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-8352	Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download — Social Web Suite – Social Media Auto Post, Social Media Auto PublishCWE-22	7.5	High	2024-10-03
CVE-2024-41591	DrayTek Vigor 3910 安全漏洞 — n/a	6.1	-	2024-10-03
CVE-2024-9441	Linear eMerge e3-Series Forgot Password Command Injection — eMerge e3-SeriesCWE-78	9.8	Critical	2024-10-02
CVE-2024-20509	Cisco AnyConnect VPN 安全漏洞 — Cisco Meraki MX FirmwareCWE-362	5.8	Medium	2024-10-02
CVE-2024-20513	Cisco AnyConnect VPN 安全漏洞 — Cisco Meraki MX FirmwareCWE-639	5.8	Medium	2024-10-02
CVE-2024-20502	Cisco AnyConnect VPN 安全漏洞 — Cisco Meraki MX FirmwareCWE-400	5.8	Medium	2024-10-02
CVE-2024-20501	Cisco AnyConnect VPN 安全漏洞 — Cisco Meraki MX FirmwareCWE-787	8.6	High	2024-10-02
CVE-2024-20499	Cisco Meraki Z Series Teleworker Gateway和Cisco Meraki MX 安全漏洞 — Cisco Meraki MX FirmwareCWE-787	8.6	High	2024-10-02
CVE-2024-20500	Cisco AnyConnect VPN 安全漏洞 — Cisco Meraki MX FirmwareCWE-400	5.8	Medium	2024-10-02
CVE-2024-20498	Cisco Meraki Z Series Teleworker Gateway和Cisco Meraki MX 安全漏洞 — Cisco Meraki MX FirmwareCWE-415	8.6	High	2024-10-02
CVE-2024-20385	Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability — Cisco Nexus Dashboard OrchestratorCWE-295	5.9	Medium	2024-10-02
CVE-2024-8038	Juju 安全漏洞 — JujuCWE-420	7.9	High	2024-10-02
CVE-2024-35294	Schneider Elektronik Series 700 prone to missing authentication for traffic capture function — Series 700CWE-306	6.5	Medium	2024-10-02
CVE-2024-35293	Schneider Elektronik Series 700 prone to missing authentication for critical reset function — Series 700CWE-306	9.1	Critical	2024-10-02
CVE-2024-9218	Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting — Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post GridCWE-79	6.1	Medium	2024-10-02
CVE-2024-9344	BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting — BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScriptCWE-79	6.1	Medium	2024-10-02
CVE-2024-9378	YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting — YML for Yandex MarketCWE-79	6.1	Medium	2024-10-02
CVE-2024-8800	RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting — RabbitLoader – AI Speed Optimization, Caching & CDN for WordPress & WooCommerceCWE-79	6.1	Medium	2024-10-02
CVE-2024-9210	MC4WP: Mailchimp Top Bar <= 1.6.0 - Reflected Cross-Site Scripting — MC4WP: Mailchimp Top BarCWE-79	6.1	Medium	2024-10-02
CVE-2024-9222	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting — Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content RestrictionCWE-79	6.1	Medium	2024-10-02
CVE-2024-9225	SEOPress – On-site SEO <= 8.1.1 - Reflected Cross-Site Scripting — SEOPress – On-site SEO & AnalyticsCWE-79	6.1	Medium	2024-10-02
CVE-2024-45519	Zimbra Collaboration Server 安全漏洞 — n/a	10.0	Critical	2024-10-02
CVE-2024-25632	Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances — elabftwCWE-266	8.6	High	2024-10-01
CVE-2023-7273	Cross Site Request Forgery in Kiteworks OwnCloud — OwnCloudCWE-352	6.8	Medium	2024-10-01
CVE-2024-9405	Pluck 安全漏洞 — Pluck CMSCWE-23	5.3	Medium	2024-10-01
CVE-2024-9289	WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation — WordPress & WooCommerce Affiliate ProgramCWE-288	9.8	Critical	2024-10-01
CVE-2024-8430	Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import — Spice Starter SitesCWE-862	5.3	Medium	2024-10-01
CVE-2024-9265	Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation — Echo RSS Feed Post GeneratorCWE-269	9.8	Critical	2024-10-01
CVE-2024-8786	Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting — Auto Featured Image from TitleCWE-79	6.1	Medium	2024-10-01
CVE-2024-8793	Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting — Store Exporter – Export WooCommerce Products, Orders, Subscriptions, CustomersCWE-79	6.1	Medium	2024-10-01

Vulnerabilities classified as access:pre-auth represent 18887 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18887