Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18823

18823 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users — WP DSGVO Tools (GDPR)CWE-862 9.1 Critical2026-03-24
CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter — JetEngineCWE-89 7.5 High2026-03-24
CVE-2026-3138 Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE — Product Filter for WooCommerce by WBWCWE-862 6.5 Medium2026-03-24
CVE-2026-4640 Galaxy Software Services|Vitals ESP - Missing Authentication — Vitals ESPCWE-306 7.5 High2026-03-24
CVE-2026-3260 Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests — Red Hat build of Apache Camel for Spring Boot 4CWE-770 5.9 Medium2026-03-24
CVE-2026-30655 e-SIC Livre 安全漏洞 — n/a 7.5 -2026-03-24
CVE-2026-33283 Ella Core panics on malformed ULNASTransport Message without a Request Type — coreCWE-476 6.5 Medium2026-03-23
CVE-2026-33282 Ella Core panics on malformed NGAP Location Report — coreCWE-476 7.5 High2026-03-23
CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages — coreCWE-129 6.5 Medium2026-03-23
CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass — salvoCWE-22 7.5 High2026-03-23
CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & StripeCWE-287 8.1 High2026-03-23
CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula — Woocommerce Custom Product Addons ProCWE-95 9.8 Critical2026-03-23
CVE-2026-4306 WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-89 7.5 High2026-03-23
CVE-2025-60949 Census CSWeb leaked configuration files — CSWebCWE-200 9.1 Critical2026-03-23
CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php — AVideoCWE-306 8.6 High2026-03-23
CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php — AVideoCWE-287 9.4 Critical2026-03-23
CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint — AVideoCWE-204 5.3 Medium2026-03-23
CVE-2026-33685 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data — AVideoCWE-862 5.3 Medium2026-03-23
CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow — strongSwanCWE-191 7.5 High2026-03-23
CVE-2026-33649 AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification — AVideoCWE-352 8.1 High2026-03-23
CVE-2026-33513 AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) — AVideoCWE-22 8.6 High2026-03-23
CVE-2025-15517 Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0CWE-306 9.8 -2026-03-23
CVE-2026-33507 AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload — AVideoCWE-352 8.8 High2026-03-23
CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php — AVideoCWE-918 9.3 Critical2026-03-23
CVE-2026-33501 AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin — AVideoCWE-862 5.3 Medium2026-03-23
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter — AVideoCWE-89 7.5 High2026-03-23
CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php — AVideoCWE-770 7.5 High2026-03-23
CVE-2026-33480 AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy — AVideoCWE-918 8.6 High2026-03-23
CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin — AVideoCWE-94 8.8 High2026-03-23
CVE-2026-33478 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection — AVideoCWE-78 10.0 Critical2026-03-23

Vulnerabilities classified as access:pre-auth represent 18823 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.