access:pre-auth — CVE vulnerabilities tagged (18829)

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28807 | Path Traversal in wisp.serve_static allows arbitrary file read | wisp | CWE-22 | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-31824 | Sylius has a Promotion Usage Limit Bypass via Race Condition | Sylius | CWE-362 | 8.2 | High | 2026-03-10 |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint | Sylius | CWE-862 | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header | Sylius | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31812 | Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing | quinn | CWE-248 | 7.5 | - | 2026-03-10 |
| CVE-2026-31809 | SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS | siyuan | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31807 | SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS | siyuan | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30965 | Parse Server session token exfiltration via `redirectClassNameForKey` query parameter | parse-server | CWE-863 | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30947 | Parse Server has a bypass of class-level permissions in LiveQuery | parse-server | CWE-863 | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30946 | Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API | parse-server | CWE-770 | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29792 | Feathersjs has an OAuth Callback Account Takeover | feathers | CWE-287 | 8.2 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-29113 | Craft has a potential information disclosure vulnerability in preview tokens | cms | CWE-352 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-28495 | GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php | GetSimpleCMS-CE | CWE-352 | 9.7 | Critical | 2026-03-10 |
| CVE-2026-27826 | MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers | mcp-atlassian | CWE-918 | 8.2 | High | 2026-03-10 |
| CVE-2025-13901 | Schneider Electric multiple products security vulnerability | Modicon M241/M251 | CWE-404 | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30958 | OneUptime: Path Traversal — Arbitrary File Read (No Auth) | oneuptime | CWE-22 | 7.2 | High | 2026-03-10 |
| CVE-2025-54659 | Fortinet FortiSOAR Agent Communication Bridge path traversal vulnerability | FortiSOAR Agent Communication Bridge | CWE-22 | 5.5 | Medium | 2026-03-10 |
| CVE-2026-24017 | Fortinet FortiWeb security vulnerability | FortiWeb | CWE-799 | 7.3 | High | 2026-03-10 |
| CVE-2026-25972 | Fortinet FortiSIEM cross-site scripting vulnerability | FortiSIEM | CWE-79 | 4.1 | Medium | 2026-03-10 |
| CVE-2025-68482 | Fortinet FortiManager and Fortinet FortiAnalyzer trust management issue vulnerability | FortiAnalyzer | CWE-295 | 6.3 | Medium | 2026-03-10 |
| CVE-2025-48840 | Fortinet FortiWeb security vulnerability | FortiWeb | CWE-290 | 5.0 | Medium | 2026-03-10 |
| CVE-2026-22627 | Fortinet FortiSwitchAXFixed security vulnerability | FortiSwitchAXFixed | CWE-120 | 7.7 | High | 2026-03-10 |
| CVE-2025-54820 | Fortinet FortiManager security vulnerability | FortiManager | CWE-121 | 7.0 | High | 2026-03-10 |
| CVE-2026-30941 | Parse Server has a NoSQL injection via token type in password reset and email verification endpoints | parse-server | CWE-943 | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-30939 | Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution | parse-server | CWE-1321 | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-2742 | Unauthorized session creation via reserved framework path access | vaadin | CWE-284 | 9.1 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-2724 | Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields | Unlimited Elements For Elementor | CWE-79 | 7.2 | High | 2026-03-10 |
| CVE-2026-1261 | MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting | MetForm Pro | CWE-79 | 7.2 | High | 2026-03-10 |
| CVE-2025-41712 | Incorrect Permission Assignment on power analyzer | UMG 96RM-E 24V(5222063) | CWE-732 | 6.5 | Medium | 2026-03-10 |
| CVE-2025-41711 | Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer | UMG 96RM-E 24V(5222063) | CWE-327 | 5.3 | Medium | 2026-03-10 |

18829 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.