Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19348

19348 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-31746 Adslr VW2100 命令注入漏洞 — n/a 9.8 -2023-06-14
CVE-2023-2807 Authentication bypass in password reset process — Pandora FMSCWE-290 6.4 Medium2023-06-13
CVE-2023-29175 Fortinet FortiOS 信任管理问题漏洞 — FortiOSCWE-295 4.4 Medium2023-06-13
CVE-2023-22633 Fortinet FortiNAC 安全漏洞 — FortiNACCWE-264 7.2 High2023-06-13
CVE-2022-43949 Fortinet FortiSIEM 加密问题漏洞 — FortiSIEMCWE-327 5.9 Medium2023-06-13
CVE-2023-29129 Siemens Mendix SAML Module 授权问题漏洞 — Mendix SAML (Mendix 7 compatible)CWE-303 9.1 Critical2023-06-13
CVE-2023-27465 Siemens SIMOTION 信息泄露漏洞 — SIMOTION C240CWE-213 4.6 Medium2023-06-13
CVE-2023-2563 WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action — Contact Forms by CimattiCWE-352 4.3 Medium2023-06-13
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem — WP Directory KitCWE-352 6.1 Medium2023-06-13
CVE-2023-2278 WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action — WP Directory KitCWE-22 9.8 Critical2023-06-13
CVE-2023-31196 Inaba Denki Sangyo Wi-Fi AP UNIT 访问控制错误漏洞 — Wi-Fi AP UNIT 5.3 -2023-06-13
CVE-2023-33568 Dolibarr 安全漏洞 — n/a 7.5 -2023-06-13
CVE-2022-36331 Impersonation attack causing an Authentication Bypass on Western Digital devices — My Cloud OS 5CWE-290 10.0 Critical2023-06-12
CVE-2023-34335 BMC AMI 访问控制错误漏洞 — MegaRAC_SPxCWE-288 7.7 High2023-06-12
CVE-2023-35034 Atos Unify OpenScape 4000 安全漏洞 — n/a 9.8 -2023-06-12
CVE-2023-35036 Progress Software MOVEit Transfer SQL注入漏洞 — n/a 9.8 -2023-06-12
CVE-2023-2286 WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup — WP Activity LogCWE-352 4.3 Medium2023-06-09
CVE-2023-2285 WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db — WP Activity Log PremiumCWE-352 4.3 Medium2023-06-09
CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product — Shopping Cart & eCommerce StoreCWE-352 6.5 Medium2023-06-09
CVE-2023-2894 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product — Shopping Cart & eCommerce StoreCWE-352 4.3 Medium2023-06-09
CVE-2023-2893 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product — Shopping Cart & eCommerce StoreCWE-352 4.3 Medium2023-06-09
CVE-2023-2896 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product — Shopping Cart & eCommerce StoreCWE-352 4.3 Medium2023-06-09
CVE-2023-2895 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product — Shopping Cart & eCommerce StoreCWE-352 4.3 Medium2023-06-09
CVE-2023-2184 WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting — WP Responsive Tabs horizontal vertical and accordion TabsCWE-79 6.1 Medium2023-06-09
CVE-2023-1430 FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control — FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM SolutionCWE-759 6.5 Medium2023-06-09
CVE-2023-2087 Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-352 4.3 Medium2023-06-09
CVE-2023-2289 wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting — Vertical Image SliderCWE-79 6.1 Medium2023-06-09
CVE-2023-0721 Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-1236 8.3 High2023-06-09
CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion — Quiz and Survey Master (QSM) – Easy Quiz and Survey MakerCWE-352 5.4 Medium2023-06-09
CVE-2023-1807 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget — Stax Addons for ElementorCWE-352 4.3 Medium2023-06-09

Vulnerabilities classified as access:pre-auth represent 19348 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.