Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19263

19263 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-4719 Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting — Simple MembershipCWE-79 7.2 High2023-09-06
CVE-2023-4485 ARDEREG Sistemas SCADA SQL Injection — Sistemas SCADACWE-89 9.8 Critical2023-09-05
CVE-2023-39361 Unauthenticated SQL Injection in graph_view.php in Cacti — cactiCWE-89 9.8 Critical2023-09-05
CVE-2023-4310 BeyondTrust Privileged Remote Access 和Remote Support 命令注入漏洞 — Privileged Remote Access (PRA)CWE-77 9.8 -2023-09-05
CVE-2023-36492 SHIRASAGI 跨站脚本漏洞 — SHIRASAGI 6.1 -2023-09-05
CVE-2023-39938 Video Insight 跨站脚本漏洞 — VI Web Client 6.1 -2023-09-05
CVE-2023-38574 Video Insight 输入验证错误漏洞 — VI Web Client 6.1 -2023-09-05
CVE-2023-2813 Multiple Themes - Reflected XSS — Aapna 9.8 -2023-09-04
CVE-2023-4059 Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation — Profile Builder 4.3 -2023-09-04
CVE-2023-39983 MXsecurity Register Database Pollution — MXsecurity SeriesCWE-915 5.3 Medium2023-09-02
CVE-2022-22305 多款Fortinet产品信任管理问题漏洞 — FortiAnalyzerCWE-297 5.4 Medium2023-09-01
CVE-2023-36187 NETGEAR R6400v2 安全漏洞 — n/a 9.8 -2023-09-01
CVE-2023-4481 Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) — Junos OSCWE-20 7.5 High2023-08-31
CVE-2023-41747 Acronis Cloud Manager 输入验证错误漏洞 — Acronis Cloud ManagerCWE-22 7.5 -2023-08-31
CVE-2023-4471 Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting — Order Tracking – WordPress Status Tracking PluginCWE-79 6.1 Medium2023-08-31
CVE-2023-2352 CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action — CHP Ads Block DetectorCWE-352 4.3 Medium2023-08-31
CVE-2023-3764 WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save — PDF Builder for WooCommerce. Create invoices,packing slips and moreCWE-352 4.3 Medium2023-08-31
CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display — WP Directory KitCWE-352 5.4 Medium2023-08-31
CVE-2023-4000 Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery — Waiting: One-click countdownsCWE-352 6.3 Medium2023-08-31
CVE-2023-4315 Woo Custom Emails <= 2.2 - Reflected Cross-Site Scripting via wcemails_edit — Woo Custom EmailsCWE-79 6.1 Medium2023-08-31
CVE-2023-3162 Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass — Payment Gateway of Stripe for WooCommerceCWE-288 9.8 Critical2023-08-31
CVE-2023-4161 WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation — PDF Builder for WooCommerce. Create invoices,packing slips and moreCWE-352 4.3 Medium2023-08-31
CVE-2023-31424 Web authentication and authorization bypass — SANnavCWE-290 8.1 High2023-08-31
CVE-2023-3136 MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject — MailArchiverCWE-79 7.2 High2023-08-30
CVE-2023-4596 Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-434 9.8 Critical2023-08-30
CVE-2023-39268 Memory Corruption Vulnerability in ArubaOS-Switch — ArubaOS-Switch 4.5 Medium2023-08-29
CVE-2023-39266 Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch — ArubaOS-Switch 8.3 High2023-08-29
CVE-2023-41266 Qlik Sense 输入验证错误漏洞 — n/a 8.2 High2023-08-29
CVE-2023-38030 Saho ADM100&ADM-100FP - Execute Code — ADM100CWE-306 7.5 High2023-08-28
CVE-2023-38029 Saho ADM100&ADM-100FP - Arbitrary File Upload — ADM100CWE-434 9.8 Critical2023-08-28

Vulnerabilities classified as access:pre-auth represent 19263 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.