Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19252

19252 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-4129 Dell Data Protection Central 加密问题漏洞 — Data Protection CentralCWE-326 5.9 Medium2023-09-27
CVE-2023-40049 WS_FTP Server Information Disclosure via Directory Listing — WS_FTP ServerCWE-200 5.3 Medium2023-09-27
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation — OneCWE-250 7.6 High2023-09-27
CVE-2023-43314 Zyxel PMG 安全漏洞 — PMG2005-T20BCWE-120 7.5 High2023-09-27
CVE-2023-41323 Users login enumeration by unauthenticated user in GLPI — glpiCWE-200 5.3 Medium2023-09-26
CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files — Junos OSCWE-306 5.3 Medium2023-09-26
CVE-2023-28055 Dell NetWorker 授权问题漏洞 — NetWorkerCWE-285 8.8 High2023-09-26
CVE-2023-39378 SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user — SiberianCMSCWE-89 8.8 High2023-09-26
CVE-2023-43614 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-43484 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-41962 WordPress plugin Welcart e-Commerce 安全漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-41233 WordPress plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE — Import XML and RSS Feeds 9.8 -2023-09-25
CVE-2023-4490 WP Job Portal < 2.0.6 - Unauthenticated SQLi — WP Job Portal 9.8 -2023-09-25
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure — AEADsCWE-347 4.7 Medium2023-09-22
CVE-2023-43090 Gnome-shell: screenshot tool allows viewing open windows when session is locked 5.5 Medium2023-09-22
CVE-2023-43762 WithSecure products 安全漏洞 — n/a 9.8 -2023-09-22
CVE-2023-4292 Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability — FDS101 for FAdC/FAdCiCWE-89 5.3 Medium2023-09-21
CVE-2023-4152 Frauscher FDS101 for FAdC/FAdCi path traversal vulnerability — FDS101 for FAdC/FAdCiCWE-22 7.5 High2023-09-21
CVE-2023-4291 Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability — FDS101 for FAdC/FAdCiCWE-94 9.8 Critical2023-09-21
CVE-2023-39252 Dell EMC SCG Policy Manager 加密问题漏洞 — Secure Connect Gateway (SCG) Policy ManagerCWE-327 5.9 Medium2023-09-21
CVE-2022-3596 Instack-undercloud: rsync leaks information to undercloud — Red Hat OpenStack Platform 13.0 - ELSCWE-402 7.5 High2023-09-20
CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing — Mobility PrintCWE-352 5.3 Medium2023-09-20
CVE-2023-43478 Unauthenticated configuration restore and firmware update — Smart Modem Gen 2 (Arcadyan LH1000) 8.8 High2023-09-20
CVE-2023-25529 NVIDIA DGX 安全漏洞 — DGX H100 BMCCWE-208 8.0 High2023-09-20
CVE-2023-25528 NVIDIA DGX 缓冲区错误漏洞 — DGX H100 BMCCWE-121 8.8 High2023-09-20
CVE-2023-43134 Netis 360RAC1200 安全漏洞 — n/a 9.8 -2023-09-20
CVE-2023-43135 TP-LINK TL-ER5120G 安全漏洞 — n/a 9.8 -2023-09-20
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-1286 7.5 High2023-09-19
CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — GuardianCWE-89 8.1 High2023-09-19

Vulnerabilities classified as access:pre-auth represent 19252 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.