access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-5756 | Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action | WordPress Flipbook by Supsystic | CWE-352 | 5.4 | Medium | 2023-12-09 |
| CVE-2023-6394 | Quarkus: graphql operations over websockets bypass | Red Hat build of Quarkus 2.13.9.Final | CWE-862 | 7.4 | High | 2023-12-09 |
| CVE-2023-50430 | Dell Inspiron security vulnerability | n/a | | 6.8 | - | 2023-12-09 |
| CVE-2023-6337 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests | Vault | CWE-770 | 7.5 | High | 2023-12-08 |
| CVE-2023-32460 | Dell PowerEdge Server BIOS access control error vulnerability | PowerEdge Platform | CWE-306 | 8.8 | High | 2023-12-08 |
| CVE-2023-43742 | Zultys MX Series security vulnerability | n/a | | 9.8 | - | 2023-12-08 |
| CVE-2023-45866 | Google Android security vulnerability | n/a | | 6.5 (AI) | Medium (AI) | 2023-12-08 |
| CVE-2023-5008 | Student Information System v1.0 - Unauthenticated SQL Injection | Student Information System | CWE-89 | 9.8 | Critical | 2023-12-07 |
| CVE-2023-39167 | SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability | Storage Box V1 | CWE-862 | 7.5 | High | 2023-12-07 |
| CVE-2023-39172 | SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted | Storage Box V1 | CWE-319 | 9.1 | Critical | 2023-12-07 |
| CVE-2023-5761 | WordPress Plugin Burst Statistics security vulnerability | Burst Statistics – Privacy-Friendly Analytics for WordPress | | 9.8 | Critical | 2023-12-07 |
| CVE-2023-33411 | Supermicro X11 security vulnerability | n/a | | 7.5 | - | 2023-12-07 |
| CVE-2023-39909 | Ericsson Network Manager security vulnerability | n/a | | 9.8 | - | 2023-12-07 |
| CVE-2023-41913 | strongSwan security vulnerability | n/a | | 9.8 (AI) | Critical (AI) | 2023-12-07 |
| CVE-2023-48823 | GaatiTrack Courier Management System security vulnerability | n/a | | 9.1 | - | 2023-12-07 |
| CVE-2023-49096 | Argument Injection in FFmpeg codec parameters in Jellyfin | jellyfin | CWE-88 | 7.7 | High | 2023-12-06 |
| CVE-2023-46688 | Pleasanter security vulnerability | Pleasanter | | 6.1 | - | 2023-12-06 |
| CVE-2023-6527 | Email Subscription Popup <= 1.2.18 - Reflected Cross-Site Scripting | Email Subscription Popup | CWE-79 | 6.1 | Medium | 2023-12-06 |
| CVE-2023-48849 | Ruijie Networks RG-EG Series Routers security vulnerability | n/a | | 9.8 | - | 2023-12-06 |
| CVE-2023-6448 | Unitronics VisiLogic uses a default administrative password | VisiLogic | CWE-1188 | 9.8 | Critical | 2023-12-05 |
| CVE-2023-44298 | Dell PowerEdge Server BIOS security vulnerability | PowerEdge BIOS | CWE-1234 | 3.6 | Low | 2023-12-05 |
| CVE-2023-44297 | Dell PowerEdge Server BIOS security vulnerability | PowerEdge BIOS | CWE-1234 | 7.1 | High | 2023-12-05 |
| CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Apache OFBiz | CWE-94 | 9.8 | - | 2023-12-05 |
| CVE-2023-6269 | Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF | OpenScape Session Border Controller (SBC) | CWE-88 | 10.0 | Critical | 2023-12-05 |
| CVE-2023-5188 | WAGO Improper Input Validation in IEC61850 Server / Telecontrol | Telecontrol Configurator | CWE-20 | 7.5 | High | 2023-12-05 |
| CVE-2023-39248 | Dell OS10 Networking Switches security vulnerability | Dell Networking OS10 | CWE-400 | 7.5 | High | 2023-12-05 |
| CVE-2023-44288 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | CWE-664 | 7.5 | High | 2023-12-05 |
| CVE-2023-6063 | WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection | WP Fastest Cache | | 9.8 (AI) | Critical (AI) | 2023-12-04 |
| CVE-2023-5884 | Word Balloon < 4.20.3 - Avatar Removal via CSRF | Word Balloon | | 4.3 (AI) | Medium (AI) | 2023-12-04 |
| CVE-2023-49080 | Jupyter Server errors include tracebacks with path information | jupyter_server | CWE-209 | 3.5 | Low | 2023-12-04 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.