Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-44302 Dell DM5500 安全漏洞 — Dell PowerProtect Data Manager DM5500 ApplianceCWE-287 8.1 High2023-12-04
CVE-2023-44305 Dell DM5500 安全漏洞 — Dell PowerProtect Data Manager DM5500 ApplianceCWE-121 8.1 High2023-12-04
CVE-2023-47279 Delta Electronics InfraSuite Device Master Path Traversal — InfraSuite Device MasterCWE-22 7.5 High2023-11-30
CVE-2023-47207 Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data — InfraSuite Device MasterCWE-502 9.8 Critical2023-11-30
CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx — KEPServerEXCWE-297 7.5 High2023-11-30
CVE-2023-39226 Delta Electronics InfraSuite Device Master Exposed Dangerous Method Or Function — InfraSuite Device MasterCWE-749 9.8 Critical2023-11-30
CVE-2023-6376 Henschen & Associates court document management software cache uses predictable file names — court document management softwareCWE-330 5.3 Medium2023-11-30
CVE-2023-6375 Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely — Court Case Management PlusCWE-552 5.3 Medium2023-11-30
CVE-2023-6354 Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass — Magistrate Court Case Management PlusCWE-287 5.3 Medium2023-11-30
CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass — Civil and Criminal Electronic FilingCWE-287 5.3 Medium2023-11-30
CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass — Court Case Management PlusCWE-287 5.3 Medium2023-11-30
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass — Court Case Management PlusCWE-287 5.3 Medium2023-11-30
CVE-2023-6341 Catalis CM360 allows authentication bypass — CMS360CWE-639 5.3 Medium2023-11-30
CVE-2023-2265 Improper restriction of rendered UI layers or frames could lead to clickjacking attack — SEL-411LCWE-1021 4.3 Medium2023-11-30
CVE-2023-34388 Improper authentication could lead to session hijacking — SEL-451CWE-287 6.5 Medium2023-11-30
CVE-2023-31176 Insufficient entropy vulnerability could lead to authentication bypass — SEL-451CWE-331 7.5 High2023-11-30
CVE-2023-6360 WordPress Plugin My Calendar 安全漏洞 CWE-89 8.6 High2023-11-30
CVE-2023-5772 Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery — Debug Log Manager – Conveniently Monitor and Inspect ErrorsCWE-352 4.3 Medium2023-11-30
CVE-2023-4474 Zyxel NAS326 操作系统命令注入漏洞 — NAS326 firmwareCWE-78 9.8 Critical2023-11-30
CVE-2023-4473 Zyxel NAS326 操作系统命令注入漏洞 — NAS326 firmwareCWE-78 9.8 Critical2023-11-30
CVE-2023-35138 Zyxel NAS326 安全漏洞 — NAS326 firmwareCWE-78 9.8 Critical2023-11-30
CVE-2023-35137 Zyxel NAS326 授权问题漏洞 — NAS326 firmwareCWE-287 7.5 High2023-11-30
CVE-2023-46326 ZStack 安全漏洞 — n/a 9.1 -2023-11-30
CVE-2023-49693 NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol — NETGEAR ProSAFE Network Management SystemCWE-306 9.8 Critical2023-11-29
CVE-2023-4220 Chamilo LMS Unauthenticated Big Upload File Remote Code Execution — ChamiloCWE-434 8.1 High2023-11-28
CVE-2023-3545 Chamilo LMS Htaccess File Upload Security Bypass — ChamiloCWE-178 9.8 Critical2023-11-28
CVE-2023-3533 Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write — ChamiloCWE-22 9.8 Critical2023-11-28
CVE-2023-3368 Chamilo LMS Unauthenticated Command Injection — ChamiloCWE-78 9.8 Critical2023-11-28
CVE-2023-4398 Zyxel ATP 输入验证错误漏洞 — ATP series firmwareCWE-190 7.5 High2023-11-28
CVE-2023-35139 Zyxel ATP 跨站脚本漏洞 — ATP series firmwareCWE-79 5.2 Medium2023-11-28

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.