Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-4699 Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products — MELSEC-F Series FX3U-16MT/ESCWE-306 10.0 Critical2023-11-06
CVE-2023-4625 Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-307 5.3 Medium2023-11-06
CVE-2023-46381 LOYTEC LINX-212 安全漏洞 — n/a 9.8 -2023-11-04
CVE-2023-5946 WordPress Plugin Digirisk 跨站脚本漏洞 — Digirisk 6.1 Medium2023-11-03
CVE-2023-5945 WordPress Plugin video carousel slider with lightbox 跨站请求伪造漏洞 — video carousel slider with lightbox 4.3 Medium2023-11-03
CVE-2023-3277 MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation — MStore API – Create Native Android & iOS Apps On The CloudCWE-288 9.8 Critical2023-11-03
CVE-2023-4591 Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack — ServerstackCWE-829 7.5 High2023-11-03
CVE-2023-41356 WisdomGarden Tronclass ilearn - Path Traversal — Tronclass ilearnCWE-22 6.5 Medium2023-11-03
CVE-2023-41344 NCSIST ManageEngine MDM - Path Traversal — MDMCWE-22 7.5 High2023-11-03
CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation — NOKIA G-040W-QCWE-940 9.8 Critical2023-11-03
CVE-2023-41354 Chunghwa Telecom NOKIA G-040W-Q - Exposure of Sensitive Information — NOKIA G-040W-QCWE-200 4.0 Medium2023-11-03
CVE-2023-41351 Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control — NOKIA G-040W-QCWE-288 9.8 Critical2023-11-03
CVE-2023-41350 Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts — NOKIA G-040W-QCWE-307 7.5 High2023-11-03
CVE-2023-46817 phpFox 安全漏洞 — n/a 9.8 -2023-11-03
CVE-2023-5846 Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550 — TS-550CWE-916 8.3 High2023-11-02
CVE-2023-45347 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45345 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45338 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45343 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45341 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45344 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45342 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45340 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45336 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45334 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45325 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45323 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Food Ordering SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45019 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Bus Booking SystemCWE-89 9.8 Critical2023-11-02
CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) — Online Bus Booking SystemCWE-89 9.8 Critical2023-11-02

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.