Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19252

19252 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled — SuiteCRM-CoreCWE-200 3.1 Low2023-11-21
CVE-2023-5776 Post Meta Data Manager <= 1.2.1 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion — Post Meta Data ManagerCWE-352 4.3 Medium2023-11-21
CVE-2023-4149 WAGO: OS Command Injection Vulnerability in Managed Switch — Industrial Managed Switch (0852-0602)CWE-78 9.8 Critical2023-11-21
CVE-2023-49105 ownCloud 安全漏洞 — n/a 9.8 Critical2023-11-21
CVE-2023-5640 Article Analytics <= 1.0 - Unauthenticated SQL injection — Article analytics 9.8AICriticalAI2023-11-20
CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi — WP Hotel Booking 9.8AICriticalAI2023-11-20
CVE-2023-5340 Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection — Five Star Restaurant Menu and Food Ordering 9.8AICriticalAI2023-11-20
CVE-2023-6197 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting — Audio MerchantCWE-352 5.4 Medium2023-11-20
CVE-2023-6196 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload — Audio MerchantCWE-352 8.8 High2023-11-20
CVE-2023-47175 LuxSoft LuxCal Web Calendar 安全漏洞 — LuxCal Web Calendar 6.1AIMediumAI2023-11-20
CVE-2023-46700 LuxSoft LuxCal Web Calendar 安全漏洞 — LuxCal Web Calendar 9.8AICriticalAI2023-11-20
CVE-2023-38880 Open Solutions For Education openSIS 安全漏洞 — n/a 7.5AIHighAI2023-11-20
CVE-2023-38884 Open Solutions For Education openSIS 安全漏洞 — n/a 7.5AIHighAI2023-11-20
CVE-2023-44355 ColdFusion | Improper Input Validation (CWE-20) — ColdFusionCWE-20 4.3 Medium2023-11-17
CVE-2023-26347 CVE-2023-38205 issues | ColdFusion Admin Panel Access — ColdFusionCWE-284 7.5 High2023-11-17
CVE-2023-44352 Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version — ColdFusionCWE-79 6.1 Medium2023-11-17
CVE-2023-22272 ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability — RoboHelpCWE-20 7.5 High2023-11-17
CVE-2023-22275 ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability — RoboHelpCWE-89 7.5 High2023-11-17
CVE-2023-22274 ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability — RoboHelpCWE-611 7.5 High2023-11-17
CVE-2023-44324 ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability — Adobe Framemaker Publishing ServerCWE-287 9.8 Critical2023-11-17
CVE-2023-38130 Devellion CubeCart 跨站请求伪造漏洞 — CubeCart 8.1 -2023-11-17
CVE-2023-6020 Ray Static File Local File Include — ray-project/rayCWE-862 7.5 -2023-11-16
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter — ray-project/rayCWE-78 9.8 Critical2023-11-16
CVE-2023-6021 Ray Log File Local File Include — ray-project/rayCWE-29 7.5 High2023-11-16
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3 — h2oai/h2o-3CWE-862 7.5 -2023-11-16
CVE-2023-44345 Adobe InDesign CC 2023 Memory Corruption Vulnerability VII. — InDesign DesktopCWE-20 5.5 Medium2023-11-16
CVE-2023-44341 Adobe InDesign CC 2023 Memory Corruption Vulnerability I — InDesign DesktopCWE-476 5.5 Medium2023-11-16
CVE-2023-44347 Adobe InDesign CC 2023 Memory Corruption Vulnerability IX. — InDesign DesktopCWE-476 5.5 Medium2023-11-16
CVE-2023-47213 C-First DVR 安全漏洞 — CFR-904E, CFR-908E, CFR-916E 9.8 -2023-11-16
CVE-2023-47674 C-First DVR 安全漏洞 — CFR-904E, CFR-908E, CFR-916E 9.8 -2023-11-16

Vulnerabilities classified as access:pre-auth represent 19252 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.