access:pre-auth — CVE vulnerabilities tagged 18823

18823 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33352 | AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) — AVideo (CWE-89) | 9.8 | Critical | 2026-03-23 |
| CVE-2026-31846 | Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+ — Nebula 300+ / Tenda F3 V2.0 Firmware (CWE-306) | 6.5 | Medium | 2026-03-23 |
| CVE-2026-32969 | Pre-Auth Blind SQLi in userinfo Endpoint — MB connect line mbCONNECT24 (CWE-89) | 7.5 | High | 2026-03-23 |
| CVE-2026-32968 | Unauthenticated RCE in com_mb24sysapi — MB connect line mbCONNECT24 (CWE-78) | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4585 | Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection — Easy7 Integrated Management Platform (CWE-78) | 9.8 | Critical | 2026-03-23 |
| CVE-2026-3587 | Hidden CLI Function Allows Root Access — Lean Managed Switch 852-1812 (CWE-912) | 10.0 | Critical | 2026-03-23 |
| CVE-2025-13997 | King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure — King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder (CWE-200) | 5.3 | Medium | 2026-03-23 |
| CVE-2026-1969 | ThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File Upload — trx_addons | 9.1 | - | 2026-03-23 |
| CVE-2025-10734 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure — ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema (CWE-922) | 5.3 | Medium | 2026-03-23 |
| CVE-2025-10679 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution — ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema (CWE-94) | 7.3 | High | 2026-03-23 |
| CVE-2025-10731 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export — ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema (CWE-285) | 5.3 | Medium | 2026-03-23 |
| CVE-2025-10736 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation — ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema (CWE-285) | 6.5 | Medium | 2026-03-23 |
| CVE-2026-2580 | WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters (CWE-89) | 7.5 | High | 2026-03-22 |
| CVE-2026-33292 | AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos — AVideo (CWE-22) | 7.5 | High | 2026-03-22 |
| CVE-2026-4544 | Wavlink WL-WN578W2 POST Request login.cgi cross site scripting — WL-WN578W2 (CWE-79) | 2.4 | Low | 2026-03-22 |
| CVE-2026-4543 | Wavlink WL-WN578W2 POST Request firewall.cgi command injection — WL-WN578W2 (CWE-77) | 6.3 | Medium | 2026-03-22 |
| CVE-2026-3629 | Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields — Import and export users and customers (CWE-269) | 8.1 | High | 2026-03-21 |
| CVE-2019-25581 | i-doit CMDB 1.12 SQL Injection via objGroupID Parameter — doit CMDB (CWE-89) | 8.2 | High | 2026-03-21 |
| CVE-2019-25580 | ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php — ownDMS (CWE-434) | 8.2 | High | 2026-03-21 |
| CVE-2019-25579 | phpTransformer 2016.9 Directory Traversal via jQueryFileUpload — phpTransformer (CWE-22) | 7.5 | High | 2026-03-21 |
| CVE-2019-25576 | Kepler Wallpaper Script 1.1 SQL Injection via category — Kepler Wallpaper Script (CWE-89) | 8.2 | High | 2026-03-21 |
| CVE-2019-25575 | SimplePress CMS 1.0.7 SQL Injection via p and s Parameters — SimplePress CMS (CWE-89) | 8.2 | High | 2026-03-21 |
| CVE-2019-25570 | RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field — RealTerm: Serial Terminal (CWE-1260) | 5.5 | Medium | 2026-03-21 |
| CVE-2026-4373 | JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field — JetFormBuilder — Dynamic Blocks Form Builder (CWE-36) | 7.5 | High | 2026-03-21 |
| CVE-2026-3478 | Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Content Syndication Toolkit (CWE-918) | 7.2 | High | 2026-03-21 |
| CVE-2026-2723 | Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update — Post Snippits (CWE-352) | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4143 | Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update — Neos Connector for Fakturama (CWE-352) | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1648 | Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Performance Monitor (CWE-918) | 7.2 | High | 2026-03-21 |
| CVE-2026-1647 | Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Comment Genius (CWE-79) | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2427 | itsukaita <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter — itsukaita (CWE-79) | 6.1 | Medium | 2026-03-21 |

Vulnerabilities classified as access:pre-auth represent 18823 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.