Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-4975 Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update — Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance ModeCWE-352 4.3 Medium2023-10-20
CVE-2023-4942 BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation — BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.NetCWE-352 4.3 Medium2023-10-20
CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products — Essential Blocks ProCWE-502 8.1 High2023-10-20
CVE-2023-34051 VMware Aria Operations for Logs 安全漏洞 — VMware Aria Operations for Logs 9.8 -2023-10-20
CVE-2023-45471 QAD Search Server 跨站脚本漏洞 — n/a 6.1 -2023-10-20
CVE-2023-41894 Local-only webhooks externally accessible via SniTun in Home Assistant Core — coreCWE-669 5.3 Medium2023-10-19
CVE-2023-35187 SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability — Access Rights ManagerCWE-22 8.8 High2023-10-19
CVE-2023-35182 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights ManagerCWE-502 8.8 High2023-10-19
CVE-2023-35184 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability — Access Rights ManagerCWE-502 8.8 High2023-10-19
CVE-2022-24401 Keystream recovery for arbitrary frames in TETRA — TETRA StandardCWE-323 8.8 High2023-10-19
CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user — WPBot – AI ChatBot for Live Support, Lead Generation, AI ServicesCWE-200 5.3 Medium2023-10-19
CVE-2023-5204 AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response — WPBot – AI ChatBot for Live Support, Lead Generation, AI ServicesCWE-89 9.8 Critical2023-10-19
CVE-2023-4645 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax — Ad Inserter – Ad Manager & AdSense AdsCWE-862 5.3 Medium2023-10-19
CVE-2023-30131 IXP Data EasyInstall 安全漏洞 — n/a 9.8 -2023-10-19
CVE-2023-45992 Ruckus Wireless Ruckus CloudPath 跨站脚本漏洞 — n/a 9.6 -2023-10-19
CVE-2023-5642 Advantech R-SeeNet Unauthenticated Read/Write — R-SeeNetCWE-200 9.8 Critical2023-10-18
CVE-2023-45727 Proself 代码问题漏洞 — Proself Enterprise/Standard Edition 7.5 -2023-10-18
CVE-2023-5538 MpOperationLogs <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting — mpOperationLogsCWE-79 7.2 High2023-10-18
CVE-2023-3254 Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset — Widgets for Google ReviewsCWE-352 4.3 Medium2023-10-18
CVE-2023-45911 Wipotec ComScale 安全漏洞 — n/a 9.8 -2023-10-18
CVE-2023-45912 Wipotec ComScale 信息泄露漏洞 — n/a 7.5 -2023-10-18
CVE-2023-22130 Oracle Sun ZFS Storage Appliance 安全漏洞 — Sun ZFS Storage Appliance Kit (AK) Software 5.9 Medium2023-10-17
CVE-2023-22126 Oracle Fusion Middleware 安全漏洞 — WebCenter Content 5.3 Medium2023-10-17
CVE-2023-22128 Oracle Solaris 安全漏洞 — Solaris Operating System 3.1 Low2023-10-17
CVE-2023-22121 Oracle Financial Services Applications 安全漏洞 — Banking Trade Finance 5.4 Medium2023-10-17
CVE-2023-22107 Oracle E-Business Suite 安全漏洞 — Enterprise Command Center Framework 6.1 Medium2023-10-17
CVE-2023-22108 Oracle Fusion Middleware 安全漏洞 — WebLogic Server 7.5 High2023-10-17
CVE-2023-22101 Oracle Fusion Middleware 安全漏洞 — WebLogic Server 8.1 High2023-10-17
CVE-2023-22102 Oracle MySQL 安全漏洞 — MySQL Connectors 8.3 High2023-10-17
CVE-2023-22093 Oracle E-Business Suite 安全漏洞 — iRecruitment 6.5 Medium2023-10-17

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.