Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19284

19284 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-36284 Webkil QloApps SQL注入漏洞 — n/a 7.5 -2023-06-23
CVE-2023-36287 Webkul QloApps 跨站脚本漏洞 — n/a 6.1 -2023-06-23
CVE-2023-36288 Webkul QloApps 跨站脚本漏洞 — n/a 6.1 -2023-06-23
CVE-2023-36289 Webkul QloApps 跨站脚本漏洞 — n/a 6.1 -2023-06-23
CVE-2019-25152 Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting — Abandoned Cart Lite for WooCommerceCWE-79 7.2 High2023-06-22
CVE-2023-34796 dmarcts-report-viewer 跨站脚本漏洞 — n/a 6.1 -2023-06-22
CVE-2023-3110 Buffer overflow in S0 Decryption on Unify Gateway — Unify GatewayCWE-787 9.6 Critical2023-06-21
CVE-2023-0972 Buffer overflow in S0 Decryption on Z/IP Gatweay — Z/IP GatewayCWE-787 9.6 Critical2023-06-21
CVE-2023-0026 2023-06: Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute — Junos OSCWE-20 7.5 High2023-06-21
CVE-2023-27243 Makves DCAP 安全漏洞 — n/a 7.5 -2023-06-21
CVE-2023-3325 CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature — CMS Commander – Manage Multiple SitesCWE-345 8.1 High2023-06-20
CVE-2023-3320 WordPress Plugin WP Sticky Social 跨站请求伪造漏洞 — WP Sticky Social 6.1 Medium2023-06-20
CVE-2023-27992 Zyxel NAS326 操作系统命令注入漏洞 — NAS326 firmwareCWE-78 9.8 Critical2023-06-19
CVE-2023-2751 Upload Resume <= 1.2.0 - Captcha Bypass — Upload Resume 7.5 -2023-06-19
CVE-2023-27396 Omron SYSMAC CS/CJ/CP Series 访问控制错误漏洞 — Multiple OMRON products which implement FINS protocol 9.8 -2023-06-19
CVE-2023-35843 NocoDB 路径遍历漏洞 — n/a 7.5 -2023-06-19
CVE-2023-25188 Nokia Airscale ASIKA Single RAN 安全漏洞 — n/a 5.1 Medium2023-06-16
CVE-2023-32752 L7 Networks InstantScan & InstantQoS - Arbitrary File Upload — InstantScanCWE-434 9.8 Critical2023-06-16
CVE-2023-32753 ITPison OMICARD EDM - Arbitrary File Upload — Contact ITPisonCWE-434 9.8 Critical2023-06-16
CVE-2023-32754 Thinking Software Efence - SQL injection — EfenceCWE-89 9.8 Critical2023-06-16
CVE-2023-35708 Progress Software MOVEit Transfer SQL注入漏洞 — n/a 8.4 -2023-06-16
CVE-2023-3198 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-06-14
CVE-2023-3201 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-06-14
CVE-2023-3200 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Message Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-06-14
CVE-2023-3203 MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update — MStore API – Create Native Android & iOS Apps On The CloudCWE-352 4.3 Medium2023-06-14
CVE-2023-25368 Siglent SDS 安全漏洞 — n/a 7.5 -2023-06-14
CVE-2023-31746 Adslr VW2100 命令注入漏洞 — n/a 9.8 -2023-06-14
CVE-2023-2807 Authentication bypass in password reset process — Pandora FMSCWE-290 6.4 Medium2023-06-13
CVE-2023-29175 Fortinet FortiOS 信任管理问题漏洞 — FortiOSCWE-295 4.4 Medium2023-06-13
CVE-2023-22633 Fortinet FortiNAC 安全漏洞 — FortiNACCWE-264 7.2 High2023-06-13

Vulnerabilities classified as access:pre-auth represent 19284 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.