Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19284

19284 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-20262 Cisco Catalyst SD-WAN Manager 安全漏洞 — Cisco SD-WAN SolutionCWE-399 5.3 Medium2023-09-27
CVE-2023-20034 Cisco SD-WAN vManage 安全漏洞 — Cisco SD-WAN vManageCWE-798 7.5 High2023-09-27
CVE-2023-4129 Dell Data Protection Central 加密问题漏洞 — Data Protection CentralCWE-326 5.9 Medium2023-09-27
CVE-2023-40049 WS_FTP Server Information Disclosure via Directory Listing — WS_FTP ServerCWE-200 5.3 Medium2023-09-27
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation — OneCWE-250 7.6 High2023-09-27
CVE-2023-43314 Zyxel PMG 安全漏洞 — PMG2005-T20BCWE-120 7.5 High2023-09-27
CVE-2023-41323 Users login enumeration by unauthenticated user in GLPI — glpiCWE-200 5.3 Medium2023-09-26
CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files — Junos OSCWE-306 5.3 Medium2023-09-26
CVE-2023-28055 Dell NetWorker 授权问题漏洞 — NetWorkerCWE-285 8.8 High2023-09-26
CVE-2023-39378 SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user — SiberianCMSCWE-89 8.8 High2023-09-26
CVE-2023-43614 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-43484 WordPress Plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-41962 WordPress plugin Welcart e-Commerce 安全漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-41233 WordPress plugin Welcart e-Commerce 跨站脚本漏洞 — Welcart e-Commerce 6.1 -2023-09-26
CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE — Import XML and RSS Feeds 9.8 -2023-09-25
CVE-2023-4490 WP Job Portal < 2.0.6 - Unauthenticated SQLi — WP Job Portal 9.8 -2023-09-25
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure — AEADsCWE-347 4.7 Medium2023-09-22
CVE-2023-43090 Gnome-shell: screenshot tool allows viewing open windows when session is locked 5.5 Medium2023-09-22
CVE-2023-43762 WithSecure products 安全漏洞 — n/a 9.8 -2023-09-22
CVE-2023-4292 Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability — FDS101 for FAdC/FAdCiCWE-89 5.3 Medium2023-09-21
CVE-2023-4152 Frauscher FDS101 for FAdC/FAdCi path traversal vulnerability — FDS101 for FAdC/FAdCiCWE-22 7.5 High2023-09-21
CVE-2023-4291 Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability — FDS101 for FAdC/FAdCiCWE-94 9.8 Critical2023-09-21
CVE-2023-39252 Dell EMC SCG Policy Manager 加密问题漏洞 — Secure Connect Gateway (SCG) Policy ManagerCWE-327 5.9 Medium2023-09-21
CVE-2022-3596 Instack-undercloud: rsync leaks information to undercloud — Red Hat OpenStack Platform 13.0 - ELSCWE-402 7.5 High2023-09-20
CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing — Mobility PrintCWE-352 5.3 Medium2023-09-20
CVE-2023-43478 Unauthenticated configuration restore and firmware update — Smart Modem Gen 2 (Arcadyan LH1000) 8.8 High2023-09-20
CVE-2023-25529 NVIDIA DGX 安全漏洞 — DGX H100 BMCCWE-208 8.0 High2023-09-20
CVE-2023-25528 NVIDIA DGX 缓冲区错误漏洞 — DGX H100 BMCCWE-121 8.8 High2023-09-20
CVE-2023-43134 Netis 360RAC1200 安全漏洞 — n/a 9.8 -2023-09-20
CVE-2023-43135 TP-LINK TL-ER5120G 安全漏洞 — n/a 9.8 -2023-09-20

Vulnerabilities classified as access:pre-auth represent 19284 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.