Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2018-25159 Epross AVCON6 OGNL Remote Code Execution via login.action — AVCON6 systems management platformCWE-1334 9.8 Critical2026-03-11
CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration — TaskosaurCWE-284 9.8 Critical2026-03-11
CVE-2026-20118 Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-460 6.8 Medium2026-03-11
CVE-2026-20117 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center ExpressCWE-79 6.1 Medium2026-03-11
CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center ExpressCWE-79 6.1 Medium2026-03-11
CVE-2026-20074 Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-1287 7.4 High2026-03-11
CVE-2025-13929 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2026-03-11
CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab — GitLabCWE-1284 7.5 High2026-03-11
CVE-2026-1069 Uncontrolled Recursion in GitLab — GitLabCWE-674 7.5 High2026-03-11
CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF) — VociferousCWE-22 10.0 Critical2026-03-11
CVE-2026-3013 Path Traversal in Coppermine Photo Gallery — Coppermine Photo GalleryCWE-22 7.5AIHighAI2026-03-11
CVE-2026-30903 Zoom Workplace 安全漏洞 — Zoom WorkplaceCWE-73 9.6 Critical2026-03-11
CVE-2026-32062 OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream — openclawCWE-770 7.5 High2026-03-11
CVE-2026-3496 JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter — JetBookingCWE-89 7.5 High2026-03-11
CVE-2026-3178 Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' — Name DirectoryCWE-79 7.2 High2026-03-11
CVE-2026-3231 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field — Checkout Field Editor (Checkout Manager) for WooCommerceCWE-79 7.2 High2026-03-11
CVE-2026-1454 Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting — Lead Form Builder & Contact FormCWE-79 7.2 High2026-03-11
CVE-2026-3903 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth — Modular DS: Monitor, update, and backup multiple websitesCWE-352 4.3 Medium2026-03-11
CVE-2026-1708 Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter — Appointment Booking Calendar — Simply Schedule Appointments Booking PluginCWE-89 7.5 High2026-03-11
CVE-2026-3826 WellChoose|IFTOP - Local File Inclusion — IFTOPCWE-98 9.8 Critical2026-03-11
CVE-2026-2631 Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation — Datalogics Ecommerce Delivery 9.8AICriticalAI2026-03-11
CVE-2026-2626 Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection — divi-booster 7.5AIHighAI2026-03-11
CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure — Guest posting / Frontend Posting / Front Editor 7.5AIHighAI2026-03-11
CVE-2026-3222 WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & FiltersCWE-89 7.5 High2026-03-11
CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path — Ally – Web Accessibility & UsabilityCWE-89 7.5 High2026-03-11
CVE-2026-23817 Unauthenticated Open Redirect allows URL Manipulation in Web Interface — AOS-CX 6.5 Medium2026-03-11
CVE-2026-23813 Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset — AOS-CX 9.8 Critical2026-03-11
CVE-2025-12473 RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter — RTMKitCWE-79 6.1 Medium2026-03-11
CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion — MC4WP: Mailchimp for WordPressCWE-862 6.5 Medium2026-03-11
CVE-2026-2324 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 6.1 Medium2026-03-11

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.