access:pre-auth — CVE vulnerabilities tagged (19284)

19284 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-32649 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — Guardian (CWE-1286) | 7.5 | High | 2023-09-19 |
| CVE-2023-29245 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 — Guardian (CWE-89) | 8.1 | High | 2023-09-19 |
| CVE-2023-5054 | Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending — Super Store Finder (CWE-862) | 5.8 | Medium | 2023-09-19 |
| CVE-2023-41030 | Juplink RX4-1500 Hard-coded Credential Vulnerability — RX4-1500 (CWE-259) | 6.3 | Medium | 2023-09-18 |
| CVE-2023-35851 | SUNNET WMPro - SQL Injection — WMPro (CWE-89) | 7.5 | High | 2023-09-18 |
| CVE-2023-3025 | Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link' — Dropbox Folder Share (CWE-918) | 7.2 | High | 2023-09-16 |
| CVE-2023-42442 | JumpServer session replays download without authentication — jumpserver (CWE-287) | 8.2 | High | 2023-09-15 |
| CVE-2023-0813 | Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced (CWE-285) | 7.5 | High | 2023-09-15 |
| CVE-2023-41887 | Remote Code exec in project import with mysql jdbc url attack — OpenRefine (CWE-89) | 9.8 | Critical | 2023-09-15 |
| CVE-2023-41886 | OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack — OpenRefine (CWE-89) | 7.5 | High | 2023-09-15 |
| CVE-2023-37755 | i-doit trust management issue vulnerability — n/a | 9.8 | - | 2023-09-14 |
| CVE-2023-39285 | Mitel MiVoice Connect cross-site request forgery vulnerability — n/a | 6.5 | - | 2023-09-14 |
| CVE-2023-39286 | Mitel Connect Mobility Router cross-site request forgery vulnerability — n/a | 6.5 | - | 2023-09-14 |
| CVE-2023-4568 | PaperCut NG Unauthenticated XMLRPC — PaperCut NG (CWE-287) | 6.5 | Medium | 2023-09-13 |
| CVE-2023-20190 | Cisco IOS XR security vulnerability — Cisco IOS XR Software (CWE-264) | 5.8 | Medium | 2023-09-13 |
| CVE-2023-20191 | Cisco IOS XR security vulnerability — Cisco IOS XR Software (CWE-284) | 5.8 | Medium | 2023-09-13 |
| CVE-2023-20233 | Cisco IOS XR security vulnerability — Cisco IOS XR Software (CWE-476) | 4.3 | Medium | 2023-09-13 |
| CVE-2023-3935 | Wibu: Buffer Overflow in CodeMeter Runtime — CodeMeter Runtime (CWE-787) | 9.8 | Critical | 2023-09-13 |
| CVE-2021-44172 | Fortinet FortiClientEms information disclosure vulnerability — FortiClientEMS (CWE-200) | 3.6 | Medium | 2023-09-13 |
| CVE-2023-27998 | Fortinet FortiPresence security vulnerability — FortiPresence (CWE-756) | 5.3 | Medium | 2023-09-13 |
| CVE-2023-4916 | Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change — OTP Login With Phone Number, OTP Verification (CWE-352) | 8.8 | High | 2023-09-13 |
| CVE-2023-39208 | Zoom Client input validation error vulnerability — Zoom Desktop Client for Linux (CWE-79) | 6.5 | Medium | 2023-09-12 |
| CVE-2023-2071 | FactoryTalk View Machine Edition Vulnerable to Remote Code Execution — Fa (CWE-20) | 9.8 | Critical | 2023-09-12 |
| CVE-2023-28831 | SIMATIC Cloud Connect input validation error vulnerability — SIMATIC BRAUMAT (CWE-190) | 7.5 | High | 2023-09-12 |
| CVE-2023-40621 | Code Injection vulnerability in SAP PowerDesigner Client — SAP PowerDesigner Client (CWE-94) | 6.3 | Medium | 2023-09-12 |
| CVE-2023-40308 | Memory Corruption vulnerability in SAP CommonCryptoLib — SAP CommonCryptoLib (CWE-787) | 7.5 | High | 2023-09-12 |
| CVE-2023-37489 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) — SAP BusinessObjects Business Intelligence Platform (Version Management System) (CWE-209) | 5.3 | Medium | 2023-09-12 |
| CVE-2023-40834 | OpenCart security vulnerability — n/a | 9.8 | - | 2023-09-12 |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily — magento-lts (CWE-330) | 7.5 | High | 2023-09-11 |
| CVE-2023-4294 | URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header — URL Shortify | 6.1 | - | 2023-09-11 |

Vulnerabilities classified as access:pre-auth represent 19284 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.