18893 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-4083 | Easy Restaurant Table Booking <= 1.0.0 - Cross-Site Request Forgery — Easy Restaurant Table BookingCWE-352 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-3585 | Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization — Send PDF for Contact Form 7CWE-862 | 5.3 | Medium | 2024-05-02 |
| CVE-2023-6962 | WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description — WP Meta SEOCWE-1230 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-3544 | LoadMaster Hardcoded SSH Key — LoadMasterCWE-798 | 7.5 | High | 2024-05-02 |
| CVE-2024-31964 | Mitel 6800 SIP 和 6900 SIP 安全漏洞 — n/a | 9.1 | - | 2024-05-02 |
| CVE-2024-31967 | Mitel 6800 SIP 和 6900 SIP 安全漏洞 — n/a | 9.1 | - | 2024-05-02 |
| CVE-2024-20376 | Cisco IP Phone 安全漏洞 — Cisco IP Phones with Multiplatform FirmwareCWE-787 | 7.5 | High | 2024-05-01 |
| CVE-2024-20378 | Cisco IP Phone 安全漏洞 — Cisco IP Phones with Multiplatform FirmwareCWE-305 | 7.5 | High | 2024-05-01 |
| CVE-2024-20357 | Cisco IP Phone 安全漏洞 — Cisco IP Phones with Multiplatform FirmwareCWE-787 | 5.9 | Medium | 2024-05-01 |
| CVE-2024-33518 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2024-05-01 |
| CVE-2024-33517 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2024-05-01 |
| CVE-2024-33516 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2024-05-01 |
| CVE-2024-33515 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2024-05-01 |
| CVE-2024-33514 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2024-05-01 |
| CVE-2024-33513 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.9 | Medium | 2024-05-01 |
| CVE-2023-49606 | Tinyproxy 资源管理错误漏洞 — TinyproxyCWE-416 | 9.8 | Critical | 2024-05-01 |
| CVE-2024-33512 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2024-05-01 |
| CVE-2024-33511 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2024-05-01 |
| CVE-2024-26305 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2024-05-01 |
| CVE-2024-26304 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2024-05-01 |
| CVE-2024-3591 | WordPress Geo Controller < 8.6.5 - PHP Object Injection — Geo Controller | 9.8AI | CriticalAI | 2024-05-01 |
| CVE-2023-46295 | Teledyne FLIR M300 安全漏洞 — n/a | 9.8 | - | 2024-05-01 |
| CVE-2024-2663 | ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery — ZD YouTube FLV PlayerCWE-918 | 8.3 | High | 2024-04-30 |
| CVE-2024-4185 | Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness — Customer Email Verification for WooCommerceCWE-330 | 8.1 | High | 2024-04-30 |
| CVE-2024-1371 | LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — LeadConnectorCWE-862 | 6.5 | Medium | 2024-04-30 |
| CVE-2024-4302 | Super 8 livechat SDK - Cross-site Scripting — livechat SDKCWE-79 | 6.1 | Medium | 2024-04-29 |
| CVE-2024-3682 | WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File — WP STAGING – WordPress Backup, Restore & MigrationCWE-200 | 5.3 | Medium | 2024-04-26 |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file — PPOM – Product Addons & Custom Fields for WooCommerceCWE-434 | 9.8 | Critical | 2024-04-26 |
| CVE-2024-2920 | WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files — WP-Members Membership PluginCWE-200 | 5.3 | Medium | 2024-04-26 |
| CVE-2024-3678 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure — Blog2Social: Social Media Auto Post & SchedulerCWE-862 | 5.3 | Medium | 2024-04-26 |
Vulnerabilities classified as access:pre-auth represent 18893 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.