Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19275

19275 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-3122 GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email — GD Mail QueueCWE-79 7.2 High2023-07-12
CVE-2021-4417 Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-352 5.4 Medium2023-07-12
CVE-2021-4415 Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for PhotographersCWE-352 4.3 Medium2023-07-12
CVE-2021-4416 wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass — wp-mpdfCWE-352 4.3 Medium2023-07-12
CVE-2021-4413 Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass — Process Steps Template DesignerCWE-352 4.3 Medium2023-07-12
CVE-2021-4414 Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass — Abandoned Cart Lite for WooCommerceCWE-352 4.3 Medium2023-07-12
CVE-2021-4411 WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass — WP Easy Pay – Payment and Donation form Builder for SquareCWE-352 4.3 Medium2023-07-12
CVE-2021-4412 WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass — WP PrayerCWE-352 4.3 Medium2023-07-12
CVE-2021-4409 WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass — Etsy Integration For WooCommerceCWE-352 4.3 Medium2023-07-12
CVE-2021-4410 Qtranslate Slug <= 1.1.18 - Cross-Site Request Forgery Bypass — Qtranslate SlugCWE-352 4.3 Medium2023-07-12
CVE-2021-4407 Custom Banners <= 3.2.2 - Cross-Site Request Forgery Bypass — Custom BannersCWE-352 4.3 Medium2023-07-12
CVE-2021-4408 DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass — DW Question & AnswerCWE-352 4.3 Medium2023-07-12
CVE-2020-36750 EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass — EWWW Image OptimizerCWE-352 4.3 Medium2023-07-12
CVE-2023-26563 Syncfusion ej2-filemanager-node-filesystem 路径遍历漏洞 — n/a 9.8 -2023-07-12
CVE-2023-26564 Syncfusion EJ2 ASPCore File Provider 路径遍历漏洞 — n/a 9.1 -2023-07-12
CVE-2023-33274 PowerShield SNMP Web Pro 授权问题漏洞 — n/a 9.8 -2023-07-12
CVE-2023-37629 Online Piggery Management System 代码问题漏洞 — n/a 9.8 -2023-07-12
CVE-2023-37630 Online Piggery Management System 跨站脚本漏洞 — n/a 6.1 -2023-07-12
CVE-2023-3127 Improper Authentication in iSTAR — iSTAR UltraCWE-287 7.5 High2023-07-11
CVE-2023-34090 Decidim vulnerable to sensitive data disclosure — decidimCWE-200 7.5 High2023-07-11
CVE-2022-23447 Fortinet FortiExtender 路径遍历漏洞 — FortiExtenderCWE-22 7.3 High2023-07-11
CVE-2023-3354 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service — qemuCWE-476 7.5 High2023-07-11
CVE-2023-35921 Siemens SIMATIC 安全漏洞 — SIMATIC MV540 HCWE-400 7.5 High2023-07-11
CVE-2023-35920 Siemens SIMATIC 多款产品 安全漏洞 — SIMATIC MV540 HCWE-400 7.5 High2023-07-11
CVE-2022-31810 Siemens SiPass Integrated 缓冲区错误漏洞 — SiPass integratedCWE-20 7.5 High2023-07-11
CVE-2022-29562 Siemens RUGGEDCOM ROX 输入验证错误漏洞 — RUGGEDCOM ROX MX5000CWE-20 3.7 Low2023-07-11
CVE-2023-36925 Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) — SAP Solution Manager (Diagnostics agent)CWE-918 7.2 High2023-07-11
CVE-2023-36919 Information Disclosure in SAP Enable Now — SAP Enable NowCWE-213 5.3 Medium2023-07-11
CVE-2023-36918 Cross-Site Scripting vulnerability in SAP Enable Now — SAP Enable NowCWE-79 6.1 Medium2023-07-11
CVE-2023-35873 Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) — SAP NetWeaver Process Integration (Runtime Workbench)CWE-306 6.5 Medium2023-07-11

Vulnerabilities classified as access:pre-auth represent 19275 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.