access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5348 | Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update — Product Catalog Mode For WooCommerce | | 6.1 (AI) | Medium (AI) | 2023-12-18 |
| CVE-2023-6203 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read — The Events Calendar | | 7.5 (AI) | High (AI) | 2023-12-18 |
| CVE-2022-41677 | Bosch IP cameras information disclosure vulnerability — Camera Firmware | CWE-284 | 5.3 | Medium | 2023-12-18 |
| CVE-2023-35867 | Some Bosch products security vulnerability — BVMS | CWE-703 | 5.9 | Medium | 2023-12-18 |
| CVE-2023-32230 | Some Bosch products security vulnerability — Video Recording Manager | CWE-703 | 7.5 | High | 2023-12-18 |
| CVE-2023-28053 | Dell NetWorker security vulnerability — NetWorker Virtual Edition | CWE-327 | 5.3 | Medium | 2023-12-18 |
| CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS — Apache Doris | CWE-863 | 9.1 (AI) | Critical (AI) | 2023-12-18 |
| CVE-2023-6483 | Improper Authentication Vulnerability in ADiTaaS — Allied Digital Integrated Tool-as-a-Service | CWE-287 | 9.1 | Critical | 2023-12-18 |
| CVE-2023-6559 | MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion — MW WP Form | CWE-22 | 7.5 | High | 2023-12-16 |
| CVE-2023-50784 | UnrealIRCd security vulnerability — n/a | | 9.8 | - | 2023-12-16 |
| CVE-2021-42796 | AVEVA Edge security vulnerability — n/a | | 9.8 | - | 2023-12-16 |
| CVE-2021-42797 | AVEVA Edge security vulnerability — n/a | | 9.1 | - | 2023-12-16 |
| CVE-2023-6553 | Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution — BackupBliss – Backup & Migration with Free Cloud Storage | CWE-94 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-6838 | WSO2 API Manager cross-site scripting vulnerability — WSO2 API Manager | CWE-79 | 6.1 | Medium | 2023-12-15 |
| CVE-2023-48392 | Kaifa Technology WebITR - Hard-coded Cryptographic Key — WebITR | CWE-321 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48390 | Multisuns EasyLog web+ - Command Injection — EasyLog web+ | CWE-94 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48389 | Multisuns EasyLog web+ - Path Traversal — EasyLog web+ | CWE-22 | 7.5 | High | 2023-12-15 |
| CVE-2023-48384 | ArmorX Global Technology Corporation ArmorX Spam - SQL Injection — ArmorX Spam | CWE-89 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48382 | Softnext Mail SQR Expert - Local File Inclusion-2 — Mail SQR Expert | CWE-22 | 6.5 | Medium | 2023-12-15 |
| CVE-2023-48381 | Softnext Mail SQR Expert - Local File Inclusion-1 — Mail SQR Expert | CWE-22 | 6.5 | Medium | 2023-12-15 |
| CVE-2023-48379 | Softnext Mail SQR Expert - Blind Server-Side Request Forgery (SSRF) — Mail SQR Expert | CWE-918 | 5.3 | Medium | 2023-12-15 |
| CVE-2023-48378 | Softnext Mail SQR Expert - Path Traversal — Mail SQR Expert | CWE-22 | 7.5 | High | 2023-12-15 |
| CVE-2023-48376 | SmartStar Software CWS Web-Base - Arbitrary File Upload — CWS Web-Base | CWE-434 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48374 | SmartStar Software CWS Web-Base - Use of Hard-coded Credentials — CWS Web-Base | CWE-798 | 6.5 | Medium | 2023-12-15 |
| CVE-2023-48373 | ITPison OMICARD EDM 's SMS - Path Traversal — OMICARD EDM 's SMS | CWE-22 | 7.5 | High | 2023-12-15 |
| CVE-2023-48372 | ITPison OMICARD EDM 's SMS - SQL Injection — OMICARD EDM 's SMS | CWE-89 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-48371 | ITPison OMICARD EDM 's SMS - Arbitrary File Upload — OMICARD EDM 's SMS | CWE-434 | 9.8 | Critical | 2023-12-15 |
| CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN — core | CWE-200 | 4.3 | Medium | 2023-12-15 |
| CVE-2023-6368 | WhatsUp Gold Unauthenticated Access to an API Endpoint — WhatsUp Gold | CWE-306 | 5.9 | Medium | 2023-12-14 |
| CVE-2023-6595 | WhatsUp Gold Unauthenticated Access to an API Endpoint — WhatsUp Gold | CWE-306 | 7.5 | High | 2023-12-14 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.