access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2019-25513	Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection via datagetir.php — Hazir Haber Sitesi ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25511	Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection — Hazir Haber Sitesi ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25510	Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass — Hazir Haber Sitesi ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25509	XooDigital Lastest Latest SQL Injection via results.php — XooDigitalCWE-89	8.2	High	2026-03-12
CVE-2019-25508	Jettweb Php Hazir Ilan Sitesi Scripti V2 SQL Injection via katgetir.php — Hazir Ilan Sitesi ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25488	Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin — Rent A Car ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25482	Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection — Hazir Rent A Car Sitesi ScriptiCWE-89	8.2	High	2026-03-12
CVE-2019-25481	iScripts ReserveLogic Lastest SQL Injection via search endpoint — iScripts ReserveLogicCWE-89	8.2	High	2026-03-12
CVE-2019-25479	Inout RealEstate Lastest SQL Injection via agentlistdetails — Inout RealEstateCWE-89	8.2	High	2026-03-12
CVE-2026-4041	Tenda i12 exeCommand vos_strcpy stack-based overflow — i12CWE-121	8.8	High	2026-03-12
CVE-2026-2987	Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' — Simple Ajax Chat – Add a Fast, Secure Chat BoxCWE-79	6.1	Medium	2026-03-12
CVE-2026-3060	CVE-2026-3060 — SGLang	9.8^AI	Critical^AI	2026-03-12
CVE-2026-3059	CVE-2026-3059 — SGLang	9.8^AI	Critical^AI	2026-03-12
CVE-2025-15473	Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update — Timetics	5.3^AI	Medium^AI	2026-03-12
CVE-2026-3657	My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action — My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu)CWE-89	7.5	High	2026-03-12
CVE-2026-25823	HMS Ewon Flexy和HMS Networks HMS Cosy+ 安全漏洞 — n/a	9.8	-	2026-03-12
CVE-2026-25819	HMS Cosy+和HMS Ewon Flexy 安全漏洞 — n/a	7.5	-	2026-03-12
CVE-2026-32136	AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass — AdGuardHomeCWE-287	9.8	Critical	2026-03-11
CVE-2026-32130	ZITADEL SCIM Authentication Bypass via URL Encoding — zitadelCWE-288	7.5	High	2026-03-11
CVE-2026-32111	ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcpCWE-918	5.3	Medium	2026-03-11
CVE-2026-32096	Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunkCWE-918	9.3	Critical	2026-03-11
CVE-2026-31888	Shopware has user enumeration via distinct error codes on Store API login endpoint — coreCWE-204	5.3	Medium	2026-03-11
CVE-2026-31887	Shopware unauthenticated data extraction possible through store-api.order endpoint — coreCWE-863	9.1^AI	Critical^AI	2026-03-11
CVE-2026-31881	Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window — runtipiCWE-306	7.7	High	2026-03-11
CVE-2019-25487	SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd — RB-1732CWE-639	9.8	Critical	2026-03-11
CVE-2019-25486	Varient 1.6.1 SQL Injection via user_id Parameter — Varient SQL Inj.CWE-89	8.2	High	2026-03-11
CVE-2019-25480	ARMBot Unrestricted File Upload via upload.php — ARMBotCWE-22	7.5	High	2026-03-11
CVE-2019-25472	IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile — Telefone IP TIP 200CWE-73	7.5	High	2026-03-11
CVE-2019-25468	NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp — NetGain EM PlusCWE-94	9.8	Critical	2026-03-11
CVE-2019-25465	Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal — HiIpcamCWE-260	7.5	High	2026-03-11

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18829