CVE vulnerabilities tagged access:pre-auth (18965)

18965 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-2437 | UserPro <= 5.1.1 - Authentication Bypass to Administrator | UserPro - Community and User Profile WordPress Plugin | CWE-288 | 9.8 | Critical | 2023-11-22 |
| CVE-2023-2438 | UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata | UserPro - Community and User Profile WordPress Plugin | CWE-352 | 6.1 | Medium | 2023-11-22 |
| CVE-2023-2448 | UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template | UserPro - Community and User Profile WordPress Plugin | CWE-862 | 6.5 | Medium | 2023-11-22 |
| CVE-2023-2440 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation | UserPro - Community and User Profile WordPress Plugin | CWE-352 | 8.8 | High | 2023-11-22 |
| CVE-2023-5382 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | CWE-352 | 6.5 | Medium | 2023-11-22 |
| CVE-2023-6007 | UserPro <= 5.1.1 - Missing Authorization via multiple functions | UserPro - Community and User Profile WordPress Plugin | CWE-862 | 7.3 | High | 2023-11-22 |
| CVE-2023-5537 | Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery | Delete Usermetas | CWE-352 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5815 | News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion | Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News | CWE-98 | 8.1 | High | 2023-11-22 |
| CVE-2023-5822 | Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload | Drag and Drop Multiple File Upload for Contact Form 7 | CWE-434 | 8.1 | High | 2023-11-22 |
| CVE-2023-3104 | Missing Authentication for Critical Function in Unitree Robotics A1 | A1 | CWE-306 | 5.7 | Medium | 2023-11-22 |
| CVE-2023-37924 | Apache Submarine: SQL injection from unauthorized login | Apache Submarine | CWE-89 | 8.8 (AI) | High (AI) | 2023-11-22 |
| CVE-2023-2447 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure | UserPro - Community and User Profile WordPress Plugin | CWE-352 | 6.1 | Medium | 2023-11-22 |
| CVE-2023-6248 | Data leakage and arbitrary remote code execution in Syrus cloud devices | Syrus4 IoT Telematics Gateway | CWE-287 | 10.0 | Critical | 2023-11-21 |
| CVE-2023-47643 | SuiteCRM has Unauthenticated Graphql Introspection Enabled | SuiteCRM-Core | CWE-200 | 3.1 | Low | 2023-11-21 |
| CVE-2023-5776 | Post Meta Data Manager <= 1.2.1 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion | Post Meta Data Manager | CWE-352 | 4.3 | Medium | 2023-11-21 |
| CVE-2023-4149 | WAGO: OS Command Injection Vulnerability in Managed Switch | Industrial Managed Switch (0852-0602) | CWE-78 | 9.8 | Critical | 2023-11-21 |
| CVE-2023-49105 | ownCloud security vulnerability | n/a | | 9.8 | Critical | 2023-11-21 |
| CVE-2023-5640 | Article Analytics <= 1.0 - Unauthenticated SQL injection | Article analytics | | 9.8 (AI) | Critical (AI) | 2023-11-20 |
| CVE-2023-5652 | WP Hotel Booking < 2.0.8 - Unauthenticated SQLi | WP Hotel Booking | | 9.8 (AI) | Critical (AI) | 2023-11-20 |
| CVE-2023-5340 | Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection | Five Star Restaurant Menu and Food Ordering | | 9.8 (AI) | Critical (AI) | 2023-11-20 |
| CVE-2023-6197 | Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modification and Stored Cross-Site Scripting | Audio Merchant | CWE-352 | 5.4 | Medium | 2023-11-20 |
| CVE-2023-6196 | Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload | Audio Merchant | CWE-352 | 8.8 | High | 2023-11-20 |
| CVE-2023-47175 | LuxSoft LuxCal Web Calendar security vulnerability | LuxCal Web Calendar | | 6.1 (AI) | Medium (AI) | 2023-11-20 |
| CVE-2023-46700 | LuxSoft LuxCal Web Calendar security vulnerability | LuxCal Web Calendar | | 9.8 (AI) | Critical (AI) | 2023-11-20 |
| CVE-2023-38880 | Open Solutions For Education openSIS security vulnerability | n/a | | 7.5 (AI) | High (AI) | 2023-11-20 |
| CVE-2023-38884 | Open Solutions For Education openSIS security vulnerability | n/a | | 7.5 (AI) | High (AI) | 2023-11-20 |
| CVE-2023-44355 | ColdFusion \| Improper Input Validation (CWE-20) | ColdFusion | CWE-20 | 4.3 | Medium | 2023-11-17 |
| CVE-2023-26347 | CVE-2023-38205 issues \| ColdFusion Admin Panel Access | ColdFusion | CWE-284 | 7.5 | High | 2023-11-17 |
| CVE-2023-44352 | Unauthenticated Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version | ColdFusion | CWE-79 | 6.1 | Medium | 2023-11-17 |
| CVE-2023-22272 | ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability | RoboHelp | CWE-20 | 7.5 | High | 2023-11-17 |

Vulnerabilities classified as access:pre-auth represent 18965 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.