Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18893

18893 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability — WhatsUp GoldCWE-400 7.5 High2024-06-25
CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities — WhatsUp GoldCWE-200 7.5 High2024-06-25
CVE-2024-4885 WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability — WhatsUp GoldCWE-22 9.8 Critical2024-06-25
CVE-2024-4884 WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability — WhatsUp GoldCWE-77 9.8 Critical2024-06-25
CVE-2024-4883 WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability — WhatsUp GoldCWE-77 9.8 Critical2024-06-25
CVE-2024-5276 SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier) — FileCatalyst WorkflowCWE-20 9.8 Critical2024-06-25
CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability — ThinManager® ThinServer™CWE-20 7.5AIHighAI2024-06-25
CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability — ThinManager® ThinServer™CWE-20 9.8AICriticalAI2024-06-25
CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability — ThinManager® ThinServer™CWE-20 9.8AICriticalAI2024-06-25
CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter — Quiz MakerCWE-89 9.8 Critical2024-06-25
CVE-2023-5038 Unauthenticated DoS — A-Series, Q-Series, PNM-series CameraCWE-703 7.5AIHighAI2024-06-25
CVE-2023-45195 Adminer and AdminerEvo SSRF — AdminerCWE-918 5.3AIMediumAI2024-06-24
CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect — AdminerCWE-400 7.5AIHighAI2024-06-24
CVE-2024-33898 Axiros AXESS ACS 安全漏洞 — n/a 9.8AICriticalAI2024-06-24
CVE-2024-37825 EnvisionWare Computer Access & Reservation Control SelfCheck 安全漏洞 — n/a 6.5AIMediumAI2024-06-24
CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset — UberMenuCWE-352 7.2 High2024-06-22
CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions — ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-352 6.3 Medium2024-06-22
CVE-2024-21514 OpenCart 安全漏洞 — opencart/opencartCWE-89 7.4 High2024-06-22
CVE-2024-5791 Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79 7.2 High2024-06-22
CVE-2024-6027 Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter — Themify – WooCommerce Product FilterCWE-89 9.8 Critical2024-06-21
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79 6.1 Medium2024-06-21
CVE-2024-4477 WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS — WP Logs Book 6.1 -2024-06-21
CVE-2024-4616 Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS — Widget Bundle 6.1 -2024-06-21
CVE-2024-5756 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPressCWE-89 9.8 Critical2024-06-21
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization — Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing PagesCWE-862 5.3 Medium2024-06-21
CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation — WP Child Theme GeneratorCWE-862 5.3 Medium2024-06-21
CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget — The Plus Addons for Elementor Page Builder ProCWE-79 6.1 Medium2024-06-21
CVE-2024-38874 TYPO3 安全漏洞 — n/a 5.4 Medium2024-06-21
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST — SASTCWE-79 6.1 -2024-06-20
CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion — Shariff WrapperCWE-22 9.8 Critical2024-06-20

Vulnerabilities classified as access:pre-auth represent 18893 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.