access:pre-auth — CVE vulnerabilities tagged 19263

19263 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-35699 | SICK ICR890-4 security vulnerability — ICR890-4 CWE-313 | 5.3 | Medium | 2023-07-10 |
| CVE-2023-35696 | SICK ICR890-4 security vulnerability — ICR890-4 CWE-668 | 7.5 | High | 2023-07-10 |
| CVE-2023-3273 | SICK ICR890-4 security vulnerability — ICR890-4 CWE-284 | 7.5 | High | 2023-07-10 |
| CVE-2023-3271 | SICK ICR890-4 security vulnerability — ICR890-4 CWE-284 | 8.2 | High | 2023-07-10 |
| CVE-2023-3270 | SICK ICR890-4 security vulnerability — ICR890-4 | 8.6 | High | 2023-07-10 |
| CVE-2023-37152 | Projectworlds Online Art gallery project code issue vulnerability — n/a | 9.1 | - | 2023-07-10 |
| CVE-2023-37286 | SmartBPM.NET - Use of Hard-Coded Credentials - 1 — SmartBPM.NET CWE-798 | 9.8 | Critical | 2023-07-10 |
| CVE-2023-37287 | SmartBPM.NET - Use of Hard-Coded Credentials - 2 — SmartBPM.NET CWE-798 | 9.1 | Critical | 2023-07-10 |
| CVE-2023-37288 | SmartBPM.NET - Path Traversal — SmartBPM.NET CWE-23 | 6.5 | Medium | 2023-07-10 |
| CVE-2023-20180 | Cisco Webex Meetings cross-site request forgery vulnerability — Cisco Webex Meetings CWE-352 | 4.3 | Medium | 2023-07-07 |
| CVE-2023-37170 | TOTOLINK A3300R OS command injection vulnerability — n/a | 9.8 | - | 2023-07-07 |
| CVE-2023-20899 | VMware SD-WAN security vulnerability — VMware SD-WAN (Edge) | 7.5 | - | 2023-07-06 |
| CVE-2023-35940 | GLPI vulnerable to unauthenticated access to Dashboard data — glpi CWE-284 | 7.5 | High | 2023-07-05 |
| CVE-2023-34244 | GLPI vulnerable to reflected XSS in search pages — glpi CWE-79 | 6.5 | Medium | 2023-07-05 |
| CVE-2023-35979 | Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2023-07-05 |
| CVE-2023-35978 | Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 6.1 | Medium | 2023-07-05 |
| CVE-2023-35971 | Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 8.8 | High | 2023-07-05 |
| CVE-2023-2538 | TLS Private Key Accessible to External Parties — s5552_bmc CWE-552 | 5.8 | Medium | 2023-07-05 |
| CVE-2023-2880 | Frauscher Sensortechnik Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability — Diagnostic System FDS101 for FAdC/FAdCi CWE-22 | 7.5 | High | 2023-07-05 |
| CVE-2023-36934 | Progress Software MOVEit Transfer SQL injection vulnerability — n/a | 9.8 | - | 2023-07-05 |
| CVE-2023-3133 | Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API — Tutor LMS | 5.3 | - | 2023-07-04 |
| CVE-2023-36814 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module — Products.CMFCore CWE-770 | 7.5 | High | 2023-07-03 |
| CVE-2020-36749 | Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass — Easy Testimonials CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4405 | ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass — ElasticPress CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4403 | Remove Schema <= 1.5 - Cross-Site Request Forgery Bypass — Remove Schema CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4404 | Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass — Event Espresso – Event Registration & Ticketing Sales CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36748 | Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass — Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36747 | Lightweight Sidebar Manager <= 1.1.4 - Cross-Site Request Forgery Bypass — Lightweight Sidebar Manager CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4402 | Multiple Roles <= 1.3.1 - Cross-Site Request Forgery Bypass — Multiple Roles CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4399 | Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass — Edwiser Bridge – WordPress Moodle Integration CWE-352 | 4.3 | Medium | 2023-07-01 |

Vulnerabilities classified as access:pre-auth represent 19263 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.