access:pre-auth — CVE vulnerabilities tagged (19358)

19358 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-36736 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass — CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36737 | Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass — Import / Export Customizer Settings | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4384 | WordPress Photo Gallery – Image Gallery <= 1.0.6 - Cross-Site Request Forgery Bypass — WordPress Photo Gallery – Image Gallery | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36735 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | CWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2023-28323 | Ivanti Endpoint Manager code issue vulnerability — Ivanti Endpoint Manager | | 10.0 | - | 2023-06-30 |
| CVE-2023-2846 | Authentication Bypass Vulnerability in MELSEC-F Series main module — MELSEC-F Series FX3U-16MR/ES | CWE-294 | 7.5 | High | 2023-06-30 |
| CVE-2023-2834 | BookIt <= 2.3.7 - Authentication Bypass — Bookit — Booking & Appointment Calendar | CWE-288 | 9.8 | Critical | 2023-06-30 |
| CVE-2023-36144 | Intelbras SG 2404 MR security vulnerability — n/a | | 7.5 | - | 2023-06-30 |
| CVE-2023-36347 | POS Codekop access control error vulnerability — n/a | | 5.3 | - | 2023-06-30 |
| CVE-2015-1313 | JetBrains TeamCity security vulnerability — TeamCity | | 8.2 | - | 2023-06-29 |
| CVE-2023-2982 | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass — miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | CWE-288 | 9.8 | Critical | 2023-06-29 |
| CVE-2023-32610 | SYNCK GRAPHICA Mailform Pro CGI security vulnerability — Mailform Pro CGI | | 7.5 | - | 2023-06-29 |
| CVE-2023-32623 | WordPress Plugin Snow Monkey Forms path traversal vulnerability — Snow Monkey Forms | | 9.1 | - | 2023-06-28 |
| CVE-2023-3407 | Subscribe2 <= 10.40 - Cross-Site Request Forgery — Subscribe2 – Form, Email Subscribers & Newsletters | CWE-352 | 4.3 | Medium | 2023-06-28 |
| CVE-2023-3427 | Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer — Salon Booking System – Free Version | CWE-352 | 5.4 | Medium | 2023-06-28 |
| CVE-2023-34761 | 7-Eleven LED Message Cup security vulnerability — n/a | | 7.1 | - | 2023-06-28 |
| CVE-2023-20006 | Multiple Cisco products security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | CWE-681 | 8.6 | High | 2023-06-28 |
| CVE-2023-20108 | Cisco Unified Communications Manager security vulnerability — Cisco Unified Communications Manager IM and Presence Service | CWE-789 | 7.5 | High | 2023-06-28 |
| CVE-2023-20119 | Multiple Cisco products cross-site scripting vulnerability — Cisco Secure Email and Web Manager | CWE-79 | 6.1 | Medium | 2023-06-28 |
| CVE-2023-28857 | LDAP password leak in Apereo CAS - GHSL-2023-009 — CAS | CWE-200 | 4.0 | Medium | 2023-06-27 |
| CVE-2023-2068 | File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode — file-manager-advanced-shortcode | | 9.8 | - | 2023-06-27 |
| CVE-2023-3411 | Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite | CWE-352 | 6.1 | Medium | 2023-06-27 |
| CVE-2023-3132 | MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files — MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | CWE-200 | 5.9 | Medium | 2023-06-27 |
| CVE-2023-3371 | EmbedPress <= 3.7.3 - Sensitive Information Exposure — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | CWE-321 | 5.3 | Medium | 2023-06-27 |
| CVE-2021-30205 | DzzOffice security vulnerability — n/a | | 5.3 | - | 2023-06-27 |
| CVE-2023-30945 | CVE-2023-30945 — com.palantir.gotham:clips2 | CWE-287 | 9.8 | Critical | 2023-06-26 |
| CVE-2023-32557 | Trend Micro Apex One path traversal vulnerability — Trend Micro Apex One | | 9.8 | - | 2023-06-26 |
| CVE-2023-32553 | Trend Micro Apex One security vulnerability — Trend Micro Apex One | | 7.5 | - | 2023-06-26 |
| CVE-2023-32552 | Trend Micro Apex One security vulnerability — Trend Micro Apex One | | 7.5 | - | 2023-06-26 |
| CVE-2023-32521 | Trend Micro Mobile Security for Enterprise path traversal vulnerability — Trend Micro Mobile Security for Enterprise | | 9.1 | - | 2023-06-26 |

Vulnerabilities classified as access:pre-auth represent 19358 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.