access:pre-auth — tagged CVE vulnerabilities (19070)

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-49633 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Billing Software [CWE-89] | 9.8 | Critical | 2024-01-04 |
| CVE-2023-49625 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Billing Software [CWE-89] | 9.8 | Critical | 2024-01-04 |
| CVE-2023-49624 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Billing Software [CWE-89] | 9.8 | Critical | 2024-01-04 |
| CVE-2023-49622 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Billing Software [CWE-89] | 9.8 | Critical | 2024-01-04 |
| CVE-2023-5881 | Unauthenticated access permitted to web interface page "Garage Door Control Module Setup" — Aladdin Connect (Retrofit-Kit) [CWE-306] | 7.5 (AI) | High (AI) | 2024-01-03 |
| CVE-2024-21911 | Cross-site scripting vulnerability in TinyMCE [CWE-79] | 6.1 (AI) | Medium (AI) | 2024-01-03 |
| CVE-2024-21910 | Cross-site scripting vulnerability in TinyMCE plugins [CWE-79] | 6.1 (AI) | Medium (AI) | 2024-01-03 |
| CVE-2024-21909 | Denial of service in CBOR library [CWE-407] | 7.5 (AI) | High (AI) | 2024-01-03 |
| CVE-2024-21908 | Cross-site scripting vulnerability in TinyMCE [CWE-79] | 6.1 (AI) | Medium (AI) | 2024-01-03 |
| CVE-2024-21907 | Improper Handling of Exceptional Conditions in Newtonsoft.Json [CWE-755] | 7.5 (AI) | High (AI) | 2024-01-03 |
| CVE-2023-6984 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery — PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) [CWE-352] | 5.3 | Medium | 2024-01-03 |
| CVE-2023-6980 | WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion — WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce [CWE-352] | 4.3 | Medium | 2024-01-03 |
| CVE-2023-6600 | OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting — OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. [CWE-862] | 8.6 | High | 2024-01-03 |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App [CWE-79] | 6.1 | Medium | 2024-01-03 |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App [CWE-79] | 7.2 | High | 2024-01-03 |
| CVE-2023-45724 | Unauthenticated File Upload affects DRYiCE MyXalytics — DRYiCE MyXalytics | 8.2 | High | 2024-01-03 |
| CVE-2023-50344 | Unauthenticated File Downloads affect DRYiCE MyXalytics — DRYiCE MyXalytics | 5.4 | Medium | 2024-01-03 |
| CVE-2023-45892 | Floorsight Insights Q3 2023 security vulnerability — n/a | 7.5 (AI) | High (AI) | 2024-01-02 |
| CVE-2023-45893 | Floorsight Software Customer Portal security vulnerability — n/a | 7.5 (AI) | High (AI) | 2024-01-02 |
| CVE-2023-6113 | WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download — WP STAGING WordPress Backup Plugin | 7.5 | - | 2024-01-01 |
| CVE-2023-5877 | affiliate-toolkit < 3.4.3 - Unauthenticated SSRF — affiliate-toolkit | 9.1 | - | 2024-01-01 |
| CVE-2023-52286 | Tencent TDSQL security vulnerability — n/a | 9.8 | - | 2023-12-31 |
| CVE-2023-51665 | Audiobookshelf vulnerable to Blind SSRF in `Auth.js` — audiobookshelf [CWE-918] | 4.3 | Medium | 2023-12-27 |
| CVE-2023-51697 | Audiobookshelf vulnerable to Blind SSRF in `podcastUtils.js` — audiobookshelf [CWE-918] | 4.3 | Medium | 2023-12-27 |
| CVE-2023-5991 | Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion — Hotel Booking Lite | 9.8 (AI) | Critical (AI) | 2023-12-26 |
| CVE-2023-6114 | Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure — Duplicator | 7.5 (AI) | High (AI) | 2023-12-26 |
| CVE-2023-6155 | Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure — Quiz Maker | 5.3 (AI) | Medium (AI) | 2023-12-26 |
| CVE-2023-6250 | BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read — BestWebSoft's Like & Share | 5.3 (AI) | Medium (AI) | 2023-12-26 |
| CVE-2023-5203 | WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection — WP Sessions Time Monitoring Full Automatic | 7.5 (AI) | High (AI) | 2023-12-26 |
| CVE-2023-51363 | Buffalo VR-S1000 security vulnerability — VR-S1000 | 6.5 (AI) | Medium (AI) | 2023-12-26 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.