Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18892

18892 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-6835 Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form — Ivory Search – WordPress Search PluginCWE-200 5.3 Medium2024-09-05
CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge — Chatbot with ChatGPT WordPress 5.3AIMediumAI2024-09-05
CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition — Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPressCWE-94 8.1 High2024-09-05
CVE-2024-20505 ClamAV Memory Handling DoS — ClamAV 4.0 Medium2024-09-04
CVE-2024-20440 Cisco Smart Licensing Utility 安全漏洞 — Cisco Smart License UtilityCWE-532 7.5 High2024-09-04
CVE-2024-20439 Cisco Smart Licensing Utility 安全漏洞 — Cisco Smart License UtilityCWE-912 9.8 Critical2024-09-04
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability — fidesCWE-208 5.3 Medium2024-09-04
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 9.8 Critical2024-09-04
CVE-2024-7870 PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion — PixelYourSite – Your smart PIXEL (TAG) & API ManagerCWE-287 6.5 Medium2024-09-04
CVE-2024-8119 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi — Viral Signup 9.8AICriticalAI2024-09-04
CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak — Sensei LMS 5.3AIMediumAI2024-09-04
CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-22 9.8 Critical2024-09-04
CVE-2024-7261 Zyxel多款产品 操作系统命令注入漏洞 — NWA1123ACv3 firmwareCWE-78 9.8 Critical2024-09-03
CVE-2024-42058 Zyxel多款产品 代码问题漏洞 — ATP series firmwareCWE-476 7.5 High2024-09-03
CVE-2024-42057 Zyxel多款产品 操作系统命令注入漏洞 — ATP series firmwareCWE-78 8.1 High2024-09-03
CVE-2024-5412 Zyxel VMG8825-T50K 安全漏洞 — VMG8825-T50K firmwareCWE-120 7.5 High2024-09-03
CVE-2024-7691 Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS — Flaming Forms 6.1AIMediumAI2024-09-02
CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79 6.1 Medium2024-08-31
CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79 6.1 Medium2024-08-31
CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting — Booking CalendarCWE-79 6.1 Medium2024-08-30
CVE-2024-8319 Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions — Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress PluginCWE-352 4.3 Medium2024-08-30
CVE-2024-39300 ELECOM WAB-I1750-PS 安全漏洞 — WAB-I1750-PS 7.5AIHighAI2024-08-30
CVE-2024-5024 MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters — MemberpressCWE-79 6.1 Medium2024-08-30
CVE-2024-8234 Zyxel NWA1100-N 操作系统命令注入漏洞 — NWA1100-N firmwareCWE-78 7.5 High2024-08-30
CVE-2024-6671 WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability — WhatsUp GoldCWE-89 9.8 Critical2024-08-29
CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability — WhatsUp GoldCWE-89 9.8 Critical2024-08-29
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure — Premium SEO Pack – WP SEO PluginCWE-200 5.3 Medium2024-08-29
CVE-2024-2541 Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File — Popup Builder – Create highly converting, mobile friendly marketing popups.CWE-200 5.3 Medium2024-08-29

Vulnerabilities classified as access:pre-auth represent 18892 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.