Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18892

18892 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-45415 ZTE多款产品 安全漏洞 — n/a 8.8 -2024-09-16
CVE-2024-46937 MFASOFT Secure Authentication Server 安全漏洞 — n/a 9.8 -2024-09-16
CVE-2024-46938 Sitecore多款产品 安全漏洞 — n/a 7.5 -2024-09-15
CVE-2024-8797 WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting — WP Booking System – Booking CalendarCWE-79 6.1 Medium2024-09-14
CVE-2024-8724 Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting — Waitlist Woocommerce ( Back in stock notifier )CWE-79 6.1 Medium2024-09-14
CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution — Simple SpoilerCWE-94 7.3 High2024-09-14
CVE-2024-8271 FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution — FOX – Currency Switcher Professional for WooCommerceCWE-94 7.3 High2024-09-14
CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding — WooCommerce Multiple Free GiftCWE-639 5.3 Medium2024-09-14
CVE-2024-6862 Cross-Site Request Forgery (CSRF) in lunary-ai/lunary — lunary-ai/lunaryCWE-352 8.8AIHighAI2024-09-13
CVE-2024-8242 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload — MStore API – Create Native Android & iOS Apps On The CloudCWE-434 4.3 Medium2024-09-13
CVE-2024-8730 Exit Notifier <= 1.10.4 - Reflected Cross-Site Scripting — Exit NotifierCWE-79 6.1 Medium2024-09-13
CVE-2024-8734 Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting — Lucas String ReplaceCWE-79 6.1 Medium2024-09-13
CVE-2024-7423 Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update — StreamCWE-352 8.8 High2024-09-13
CVE-2024-8737 PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting — PDF Thumbnail GeneratorCWE-79 6.1 Medium2024-09-13
CVE-2024-6544 Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure — Custom Post LimitsCWE-200 5.3 Medium2024-09-13
CVE-2024-8269 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration — MStore API – Create Native Android & iOS Apps On The CloudCWE-284 7.3 High2024-09-13
CVE-2024-8731 Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting — Cron JobsCWE-79 6.1 Medium2024-09-13
CVE-2024-8714 WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting — Affiliate Program Suite — SliceWP AffiliatesCWE-79 6.1 Medium2024-09-13
CVE-2024-8732 Roles & Capabilities <= 1.1.9 - Reflected Cross-Site Scripting — Roles & CapabilitiesCWE-79 6.1 Medium2024-09-13
CVE-2024-8663 WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting — WP Simple Booking CalendarCWE-79 6.1 Medium2024-09-13
CVE-2024-8664 WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting — WP Test EmailCWE-79 6.1 Medium2024-09-13
CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting — YITH Custom LoginCWE-79 6.1 Medium2024-09-13
CVE-2024-8656 WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting — WPFactory HelperCWE-79 6.1 Medium2024-09-13
CVE-2024-8751 Vulnerability in SICK MSC800 — SICK MSC800CWE-306 7.5 High2024-09-12
CVE-2024-45824 FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation — FactoryTalk View Site EditionCWE-77 9.8 Critical2024-09-12
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 10.0 Critical2024-09-12
CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 10.0 Critical2024-09-12
CVE-2024-8622 amCharts: Charts and Maps <= 1.4.4 - Reflected Cross-Site Scripting via Cross-Site Request Forgery — amCharts: Charts and MapsCWE-79 6.1 Medium2024-09-12
CVE-2024-6019 Music Request Manager <= 1.3 - Unauthenticated Stored XSS — Music Request Manager 6.1AIMediumAI2024-09-12
CVE-2024-29847 Ivanti Endpoint Manager 代码问题漏洞 — EPM 9.8 -2024-09-12

Vulnerabilities classified as access:pre-auth represent 18892 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.