Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19284

19284 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-3427 Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer — Salon Booking System – Free VersionCWE-352 5.4 Medium2023-06-28
CVE-2023-34761 7-Eleven LED Message Cup 安全漏洞 — n/a 7.1 -2023-06-28
CVE-2023-20006 多款Cisco产品 安全漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-681 8.6 High2023-06-28
CVE-2023-20108 Cisco Unified Communications Manager 安全漏洞 — Cisco Unified Communications Manager IM and Presence ServiceCWE-789 7.5 High2023-06-28
CVE-2023-20119 多款Cisco产品 跨站脚本漏洞 — Cisco Secure Email and Web ManagerCWE-79 6.1 Medium2023-06-28
CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009 — CASCWE-200 4.0 Medium2023-06-27
CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode — file-manager-advanced-shortcode 9.8 -2023-06-27
CVE-2023-3411 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Image Map Pro – Drag-and-drop Builder for Interactive Images – LiteCWE-352 6.1 Medium2023-06-27
CVE-2023-3132 MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files — MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple SitesCWE-200 5.9 Medium2023-06-27
CVE-2023-3371 EmbedPress <= 3.7.3 - Sensitive Information Exposure — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-321 5.3 Medium2023-06-27
CVE-2021-30205 DzzOffice 安全漏洞 — n/a 5.3 -2023-06-27
CVE-2023-30945 CVE-2023-30945 — com.palantir.gotham:clips2CWE-287 9.8 Critical2023-06-26
CVE-2023-32557 Trend Micro Apex One 路径遍历漏洞 — Trend Micro Apex One 9.8 -2023-06-26
CVE-2023-32553 Trend Micro Apex One 安全漏洞 — Trend Micro Apex One 7.5 -2023-06-26
CVE-2023-32552 Trend Micro Apex One 安全漏洞 — Trend Micro Apex One 7.5 -2023-06-26
CVE-2023-32521 Trend Micro Mobile Security for Enterprise 路径遍历漏洞 — Trend Micro Moibile Security for Enterprise 9.1 -2023-06-26
CVE-2023-3113 Lenovo XClarity Administrator 代码问题漏洞 — Lenovo XClarity AdministratorCWE-611 8.2 High2023-06-26
CVE-2023-2992 Lenovo ThinkSystem 安全漏洞 — System Management Module (SMM)CWE-405 7.5 High2023-06-26
CVE-2023-1150 WAGO: Series 750-3x/-8x prone to MODBUS server DoS — 750-332CWE-772 7.5 High2023-06-26
CVE-2023-3388 Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting — Beautiful Cookie Consent BannerCWE-79 7.2 High2023-06-24
CVE-2023-3197 MStore API <= 4.0.1 - Unauthenticated SQL Injection — MStore API – Create Native Android & iOS Apps On The CloudCWE-89 9.8 Critical2023-06-24
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability — php-imapCWE-22 9.1 Critical2023-06-23
CVE-2023-28064 Dell BIOS 缓冲区错误漏洞 — CPG BIOSCWE-787 3.5 Low2023-06-23
CVE-2023-32480 Dell BIOS 输入验证错误漏洞 — CPG BIOSCWE-20 6.8 Medium2023-06-23
CVE-2023-32463 Dell VxRail 输入验证错误漏洞 — Dell EMC VxRail ApplianceCWE-20 3.4 Low2023-06-23
CVE-2023-30258 MagnusBilling 操作系统命令注入漏洞 — n/a 9.8 -2023-06-23
CVE-2023-32360 Apple macOS Ventura 安全漏洞 — macOS 7.5 -2023-06-23
CVE-2023-32365 Apple iOS 和 iPadOS 安全漏洞 — iOS and iPadOS--2023-06-23
CVE-2023-32390 Apple macOS Ventura 安全漏洞 — macOS 5.3 -2023-06-23
CVE-2023-35759 Progress Software WhatsUp Gold 跨站脚本漏洞 — n/a 6.1 -2023-06-23

Vulnerabilities classified as access:pre-auth represent 19284 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.