Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19283

19283 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-34133 SonicWALL Analytics和GMS SQL注入漏洞 — GMSCWE-89 7.5 -2023-07-13
CVE-2023-34131 SonicWALL Analytics和GMS 安全漏洞 — GMSCWE-200 5.3 -2023-07-13
CVE-2023-3362 Generation of Error Message Containing Sensitive Information in GitLab — GitLabCWE-209 5.3 Medium2023-07-13
CVE-2023-37567 ELECOM WRC 多款产品命令注入漏洞 — WRC-1167GHBK3-A 9.8 -2023-07-13
CVE-2023-37561 ELECOM WRH 输入验证错误漏洞 — WRH-300WH-H 6.1 -2023-07-13
CVE-2023-37560 ELECOM WRH 跨站脚本漏洞 — WRH-300WH-H 6.1 -2023-07-13
CVE-2023-20185 Cisco Nexus 9000 Series Fabric Switches 加密问题漏洞 — Cisco NX-OS System Software in ACI ModeCWE-330 7.4 High2023-07-12
CVE-2021-4427 Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass — Vuukle Comments, Reactions, Share Bar, RevenueCWE-352 4.3 Medium2023-07-12
CVE-2021-4426 Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass — Absolute ReviewsCWE-352 4.3 Medium2023-07-12
CVE-2020-36760 Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass — Ocean ExtraCWE-352 4.3 Medium2023-07-12
CVE-2020-36761 Top 10 <= 2.9.4 - Cross-Site Request Forgery Bypass — WebberZone Top 10 — Popular PostsCWE-352 4.3 Medium2023-07-12
CVE-2021-4425 Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass — Defender Security – Malware Scanner, Login Security & FirewallCWE-352 4.3 Medium2023-07-12
CVE-2021-4423 RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass — RAYS GridCWE-352 4.3 Medium2023-07-12
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass — Slider Hero with Video Background, AnimationCWE-352 4.3 Medium2023-07-12
CVE-2021-4421 Advanced Popups <= 1.1.1 - Cross-Site Request Forgery Bypass — Advanced PopupsCWE-352 4.3 Medium2023-07-12
CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile AppCWE-352 4.3 Medium2023-07-12
CVE-2020-36757 WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass — WP Hotel BookingCWE-352 4.3 Medium2023-07-12
CVE-2020-36756 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass — 10WebAnalyticsCWE-352 4.3 Medium2023-07-12
CVE-2021-4420 Sell Media <= 2.5.5 - Cross-Site Request Forgery Bypass — Sell MediaCWE-352 4.3 Medium2023-07-12
CVE-2021-4419 WP-Backgrounds Lite <= 2.3 - Cross-Site Request Forgery Bypass — WP-Backgrounds LiteCWE-352 4.3 Medium2023-07-12
CVE-2023-3081 WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail LoggingCWE-79 7.2 High2023-07-12
CVE-2023-3087 FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject — FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP ProviderCWE-79 7.2 High2023-07-12
CVE-2023-3166 Lana Email Logger <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Lana Email LoggerCWE-79 7.2 High2023-07-12
CVE-2023-3167 Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Mail QueueCWE-79 7.2 High2023-07-12
CVE-2023-2517 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-352 5.4 Medium2023-07-12
CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-07-12
CVE-2020-36752 Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass — Coming Soon & Maintenance Mode Page & Under ConstructionCWE-352 4.3 Medium2023-07-12
CVE-2023-3199 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-07-12
CVE-2023-3088 WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail LogCWE-79 7.2 High2023-07-12
CVE-2023-3092 SMTP Mail <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting via Email Subject — SMTP MailCWE-79 7.2 High2023-07-12

Vulnerabilities classified as access:pre-auth represent 19283 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.