access:pre-auth — 19401 tagged CVE vulnerabilities

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-4481 | Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) | Junos OS | CWE-20 | 7.5 | High | 2023-08-31 |
| CVE-2023-41747 | Acronis Cloud Manager input validation error vulnerability | Acronis Cloud Manager | CWE-22 | 7.5 | - | 2023-08-31 |
| CVE-2023-4471 | Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting | Order Tracking – WordPress Status Tracking Plugin | CWE-79 | 6.1 | Medium | 2023-08-31 |
| CVE-2023-2352 | CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action | CHP Ads Block Detector | CWE-352 | 4.3 | Medium | 2023-08-31 |
| CVE-2023-3764 | WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save | PDF Builder for WooCommerce. Create invoices,packing slips and more | CWE-352 | 4.3 | Medium | 2023-08-31 |
| CVE-2023-2279 | WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display | WP Directory Kit | CWE-352 | 5.4 | Medium | 2023-08-31 |
| CVE-2023-4000 | Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery | Waiting: One-click countdowns | CWE-352 | 6.3 | Medium | 2023-08-31 |
| CVE-2023-4315 | Woo Custom Emails <= 2.2 - Reflected Cross-Site Scripting via wcemails_edit | Woo Custom Emails | CWE-79 | 6.1 | Medium | 2023-08-31 |
| CVE-2023-3162 | Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass | Payment Gateway of Stripe for WooCommerce | CWE-288 | 9.8 | Critical | 2023-08-31 |
| CVE-2023-4161 | WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation | PDF Builder for WooCommerce. Create invoices,packing slips and more | CWE-352 | 4.3 | Medium | 2023-08-31 |
| CVE-2023-31424 | Web authentication and authorization bypass | SANnav | CWE-290 | 8.1 | High | 2023-08-31 |
| CVE-2023-3136 | MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject | MailArchiver | CWE-79 | 7.2 | High | 2023-08-30 |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-434 | 9.8 | Critical | 2023-08-30 |
| CVE-2023-39268 | Memory Corruption Vulnerability in ArubaOS-Switch | ArubaOS-Switch | | 4.5 | Medium | 2023-08-29 |
| CVE-2023-39266 | Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch | ArubaOS-Switch | | 8.3 | High | 2023-08-29 |
| CVE-2023-41266 | Qlik Sense input validation error vulnerability | n/a | | 8.2 | High | 2023-08-29 |
| CVE-2023-38030 | Saho ADM100&ADM-100FP - Execute Code | ADM100 | CWE-306 | 7.5 | High | 2023-08-28 |
| CVE-2023-38029 | Saho ADM100&ADM-100FP - Arbitrary File Upload | ADM100 | CWE-434 | 9.8 | Critical | 2023-08-28 |
| CVE-2023-38028 | Saho ADM100&ADM-100FP - Broken Access Control | ADM100 | CWE-306 | 9.1 | Critical | 2023-08-28 |
| CVE-2023-38027 | SpotCam Co., Ltd. SpotCam Sense - Command Injection | SpotCam Sense | CWE-78 | 9.8 | Critical | 2023-08-28 |
| CVE-2023-38025 | SpotCam Co., Ltd. SpotCamFHD - Command Injection -1 | SpotCam FHD 2 | | 9.8 | Critical | 2023-08-28 |
| CVE-2023-38024 | SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1 | SpotCam FHD 2 | CWE-798 | 9.8 | Critical | 2023-08-28 |
| CVE-2023-41109 | SySS SmartNode SN200 OS command injection vulnerability | n/a | | 9.8 | - | 2023-08-28 |
| CVE-2023-40585 | Unauthenticated access to Ironic API | ironic-image | CWE-306 | 7.3 | High | 2023-08-25 |
| CVE-2023-3425 | CVE-2023-3425: Out-of-Bounds memory read | M-Files Server | CWE-125 | 6.5 | Medium | 2023-08-25 |
| CVE-2023-32757 | e-Excellence U-Office Force - Arbitrary File Upload | U-Office Force | CWE-434 | 9.8 | Critical | 2023-08-25 |
| CVE-2023-32756 | e-Excellence U-Office Force - Path Traversal | U-Office Force | CWE-22 | 7.5 | High | 2023-08-25 |
| CVE-2023-32755 | e-Excellence U-Office Force - Error Message Leakage | U-Office Force | CWE-209 | 5.3 | Medium | 2023-08-25 |
| CVE-2023-4520 | FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update | FV Flowplayer Video Player | CWE-79 | 5.4 | Medium | 2023-08-25 |
| CVE-2023-40599 | SYNCK GRAPHICA Mailform Pro CGI security vulnerability | Mailform Pro CGI | | 7.5 | - | 2023-08-25 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.