access:pre-auth — CVE vulnerabilities tagged 19354

19354 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-4408 | DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass | DW Question & Answer | CWE-352 | 4.3 | Medium | 2023-07-12 |
| CVE-2020-36750 | EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass | EWWW Image Optimizer | CWE-352 | 4.3 | Medium | 2023-07-12 |
| CVE-2023-26563 | Syncfusion ej2-filemanager-node-filesystem path traversal vulnerability | n/a | | 9.8 | - | 2023-07-12 |
| CVE-2023-26564 | Syncfusion EJ2 ASPCore File Provider path traversal vulnerability | n/a | | 9.1 | - | 2023-07-12 |
| CVE-2023-33274 | PowerShield SNMP Web Pro authorization issue vulnerability | n/a | | 9.8 | - | 2023-07-12 |
| CVE-2023-37629 | Online Piggery Management System code issue vulnerability | n/a | | 9.8 | - | 2023-07-12 |
| CVE-2023-37630 | Online Piggery Management System cross-site scripting vulnerability | n/a | | 6.1 | - | 2023-07-12 |
| CVE-2023-3127 | Improper Authentication in iSTAR | iSTAR Ultra | CWE-287 | 7.5 | High | 2023-07-11 |
| CVE-2023-34090 | Decidim vulnerable to sensitive data disclosure | decidim | CWE-200 | 7.5 | High | 2023-07-11 |
| CVE-2022-23447 | Fortinet FortiExtender path traversal vulnerability | FortiExtender | CWE-22 | 7.3 | High | 2023-07-11 |
| CVE-2023-3354 | Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service | qemu | CWE-476 | 7.5 | High | 2023-07-11 |
| CVE-2023-35921 | Siemens SIMATIC security vulnerability | SIMATIC MV540 H | CWE-400 | 7.5 | High | 2023-07-11 |
| CVE-2023-35920 | Siemens SIMATIC multiple products security vulnerability | SIMATIC MV540 H | CWE-400 | 7.5 | High | 2023-07-11 |
| CVE-2022-31810 | Siemens SiPass Integrated buffer error vulnerability | SiPass integrated | CWE-20 | 7.5 | High | 2023-07-11 |
| CVE-2022-29562 | Siemens RUGGEDCOM ROX input validation error vulnerability | RUGGEDCOM ROX MX5000 | CWE-20 | 3.7 | Low | 2023-07-11 |
| CVE-2023-36925 | Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent) | SAP Solution Manager (Diagnostics agent) | CWE-918 | 7.2 | High | 2023-07-11 |
| CVE-2023-36919 | Information Disclosure in SAP Enable Now | SAP Enable Now | CWE-213 | 5.3 | Medium | 2023-07-11 |
| CVE-2023-36918 | Cross-Site Scripting vulnerability in SAP Enable Now | SAP Enable Now | CWE-79 | 6.1 | Medium | 2023-07-11 |
| CVE-2023-35873 | Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench) | SAP NetWeaver Process Integration (Runtime Workbench) | CWE-306 | 6.5 | Medium | 2023-07-11 |
| CVE-2023-35872 | Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool) | SAP NetWeaver Process Integration (Message Display Tool) | CWE-306 | 6.5 | Medium | 2023-07-11 |
| CVE-2023-35871 | Memory Corruption vulnerability in SAP Web Dispatcher | SAP Web Dispatcher | CWE-787 | 7.7 | High | 2023-07-11 |
| CVE-2023-33988 | Cross-Site Scripting vulnerability in SAP Enable Now | SAP Enable Now | CWE-79 | 6.1 | Medium | 2023-07-11 |
| CVE-2023-33987 | Request smuggling and request concatenation in SAP Web Dispatcher | SAP Web Dispatcher | CWE-444 | 8.6 | High | 2023-07-11 |
| CVE-2023-31405 | Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer) | SAP NetWeaver AS for Java (Log Viewer) | CWE-117 | 5.3 | Medium | 2023-07-11 |
| CVE-2023-2079 | Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery | Buy Me a Coffee – Button and Widget Plugin | CWE-352 | 7.1 | High | 2023-07-11 |
| CVE-2023-24489 | Citrix Systems Content Collaboration security vulnerability | Citrix ShareFile Storage Zones Controller | CWE-284 | 9.8 | Critical | 2023-07-10 |
| CVE-2023-3219 | EventON < 2.1.2 - Unauthenticated Post Access via IDOR | EventON | | 7.5 | - | 2023-07-10 |
| CVE-2023-1597 | tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation | tagDiv Cloud Library | | 9.1 | - | 2023-07-10 |
| CVE-2023-2495 | Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update | Greeklish-permalink | | 6.5 | - | 2023-07-10 |
| CVE-2023-3077 | MStore API < 3.9.8 - Unauthenticated Blind SQLi | MStore API | | 9.8 | - | 2023-07-10 |

Vulnerabilities classified as access:pre-auth represent 19354 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.