Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19253

19253 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-4520 FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update — FV Flowplayer Video PlayerCWE-79 5.4 Medium2023-08-25
CVE-2023-40599 SYNCK GRAPHICA Mailform Pro CGI 安全漏洞 — Mailform Pro CGI 7.5 -2023-08-25
CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users — datasetteCWE-213 5.3 Medium2023-08-25
CVE-2023-39289 Mitel MiVoice Connect 安全漏洞 — n/a 4.3 -2023-08-25
CVE-2023-3705 Information Disclosure Vulnerability in CP-Plus Network Video Recorder — CP-VNR-3104, CP-VNR-3108, CP-VNR-3208CWE-200 7.5 High2023-08-24
CVE-2023-3704 Timestamp Modification Vulnerability in CP-Plus Digital Video Recorder — CP-UVR-1601E1-HC, CP-UVR-1601E2-H, CP-UVR-1601E1-H, CP-UVR-0801F1-HC, CP-UVR-0801K1-H, CP-UVR-0801K1B-H, CP-UVR-0808K1-H, CP-UVR-0401L1-4KH, CP-UVR-0401L1B-4KH 5.3 Medium2023-08-24
CVE-2023-20169 Cisco 多款产品输入验证错误漏洞 — Cisco NX-OS SoftwareCWE-788 7.4 High2023-08-23
CVE-2023-20168 Cisco NX-OS Software 输入验证错误漏洞 — Cisco NX-OS SoftwareCWE-120 7.1 High2023-08-23
CVE-2023-4404 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & MoreCWE-269 9.8 Critical2023-08-23
CVE-2023-37440 Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure — EdgeConnect SD-WAN Orchestrator 5.5 Medium2023-08-22
CVE-2023-37425 Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 8.0 High2023-08-22
CVE-2023-37424 Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 8.1 High2023-08-22
CVE-2022-48547 Cacti 跨站脚本漏洞 — n/a 6.1 -2023-08-22
CVE-2023-39939 LuxSoft LuxCal Web Calendar SQL注入漏洞 — LuxCal Web Calendar 9.1 -2023-08-21
CVE-2023-39543 LuxSoft LuxCal Web Calendar 跨站脚本漏洞 — LuxCal Web Calendar 6.1 -2023-08-21
CVE-2023-20212 ClamAV 安全漏洞 — Cisco Secure EndpointCWE-825 7.5 High2023-08-18
CVE-2023-39454 ELECOM WRC-X1800GS-B 安全漏洞 — WRC-X1800GS-BCWE-120 9.8 -2023-08-18
CVE-2023-39445 ELECOM LAN-WH300N/RE 安全漏洞 — LAN-WH300N/RE 8.4 -2023-08-18
CVE-2023-38132 ELECOM LAN-W451NGR 安全漏洞 — LAN-W451NGR 9.8 -2023-08-18
CVE-2023-35991 Logitec LAN 安全漏洞 — LAN-W300N/DR 8.8 -2023-08-18
CVE-2023-32626 Logitec LAN 安全漏洞 — LAN-W300N/RS 9.8 -2023-08-18
CVE-2023-39415 Proself 授权问题漏洞 — Proself Enterprise/Standard Edition 9.1 -2023-08-18
CVE-2023-4040 WordPress plugin Stripe Payment Plugin for WooCommerce 安全漏洞 — Stripe Payment Plugin for WooCommerce 5.3 Medium2023-08-18
CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files — Junos OSCWE-306 5.3 Medium2023-08-17
CVE-2023-36845 Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable — Junos OSCWE-473 9.8 Critical2023-08-17
CVE-2023-36844 Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables — Junos OSCWE-473 5.3 Medium2023-08-17
CVE-2023-36847 Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files — Junos OSCWE-306 5.3 Medium2023-08-17
CVE-2023-2917 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability — ThinManager ThinServerCWE-20 9.8 Critical2023-08-17
CVE-2023-2915 Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability — ThinManager ThinServerCWE-20 7.5 High2023-08-17
CVE-2023-35009 IBM Cognos Analytics information disclosure — Cognos AnalyticsCWE-209 5.3 Medium2023-08-16

Vulnerabilities classified as access:pre-auth represent 19253 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.