Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-43901 EMSigner 安全漏洞 — n/a 7.5 -2023-11-14
CVE-2023-43902 EMSigner 安全漏洞 — n/a 9.8 -2023-11-14
CVE-2023-45878 Gibbon 安全漏洞 — n/a 9.8 -2023-11-14
CVE-2023-4603 Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting — Star CloudPRNT for WooCommerceCWE-79 6.1 Medium2023-11-13
CVE-2023-47164 HotelDruid 安全漏洞 — HOTELDRUID 6.1 -2023-11-10
CVE-2023-39796 WBCE CMS 安全漏洞 — n/a 9.8 -2023-11-10
CVE-2023-47610 Telit Cinterion BGS5 安全漏洞 — EHS5CWE-120 8.1 High2023-11-09
CVE-2023-5759 Unauthenticated Remote Denial-of-Service via Buffer in Helix Core — Helix CoreCWE-400 7.5 High2023-11-08
CVE-2023-45319 Unauthenticated Remote Denial-of-Service (Commit) in Helix Core — Helix CoreCWE-400 7.5 High2023-11-08
CVE-2023-35767 Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core — Helix CoreCWE-400 7.5 High2023-11-08
CVE-2023-6001 Prometheus Metrics Accessible Pre-Authentication — YugabyteDB AnywhereCWE-200 5.3 Medium2023-11-07
CVE-2023-46800 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46793 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46789 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46788 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46787 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46785 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Matrimonial ProjectCWE-89 9.8 Critical2023-11-07
CVE-2023-46679 Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Job PortalCWE-89 9.8 Critical2023-11-07
CVE-2023-46677 Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Job PortalCWE-89 9.8 Critical2023-11-07
CVE-2023-5982 UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update — UpdraftPlus: WP Backup & Migration PluginCWE-352 5.4 Medium2023-11-07
CVE-2023-5818 Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update — AmazonifyCWE-352 4.3 Medium2023-11-07
CVE-2023-5532 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title — ImageMapperCWE-352 6.1 Medium2023-11-07
CVE-2023-5975 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax — ImageMapperCWE-352 4.3 Medium2023-11-07
CVE-2023-38547 Veeam ONE 安全漏洞 — One 9.8 -2023-11-07
CVE-2023-43984 PrestaShop Advanced Export Products Orders Cron CSV Excel 安全漏洞 — n/a 7.5 -2023-11-07
CVE-2023-5601 WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload — WooCommerce Ninja Forms Product Add-ons 9.8 -2023-11-06
CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing — Front End PM 7.5 -2023-11-06
CVE-2023-5454 Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization — Templately 7.5 -2023-11-06
CVE-2023-5771 HTML injection in AdminUI through email subject — Proofpoint Enterprise ProtectionCWE-79 6.1 Medium2023-11-06
CVE-2023-46731 Remote code execution through the section parameter in Administration as guest in XWiki Platform — xwiki-platformCWE-94 10.0 Critical2023-11-06

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.