access:pre-auth — CVE vulnerabilities tagged 19357

19357 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-2303 | Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Contact Form Builder by vcita | CWE-352 | 6.1 | Medium | 2023-06-03 |
| CVE-2023-2407 | Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Event Registration Calendar By vcita | CWE-352 | 6.1 | Medium | 2023-06-03 |
| CVE-2023-2405 | CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | CRM and Lead Management by vcita | CWE-352 | 6.1 | Medium | 2023-06-03 |
| CVE-2023-2781 | User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass | User Email Verification for WooCommerce | CWE-288 | 8.1 | High | 2023-06-02 |
| CVE-2023-3052 | Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Post Creation/Modification/Deletion | Page Builder with Image Map by AZEXO | CWE-352 | 6.3 | Medium | 2023-06-02 |
| CVE-2023-3055 | Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Stored Cross-Site Scripting via azh_save | Page Builder with Image Map by AZEXO | CWE-352 | 6.1 | Medium | 2023-06-02 |
| CVE-2023-2835 | WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search' | WP Directory Kit | CWE-79 | 6.1 | Medium | 2023-06-02 |
| CVE-2023-2063 | Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules | MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 | CWE-434 | 6.3 | Medium | 2023-06-02 |
| CVE-2023-2062 | Information Disclosure vulnerability in EtherNet/IP Configuration tools | EtherNet/IP Configuration tool for RJ71EIP91 SW1DNN-EIPCT-BD | CWE-549 | 6.2 | Medium | 2023-06-02 |
| CVE-2023-2061 | Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules | MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 | CWE-259 | 6.2 | Medium | 2023-06-02 |
| CVE-2023-2060 | Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules | MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 | CWE-521 | 7.5 | High | 2023-06-02 |
| CVE-2023-28698 | WADE DIGITAL DESIGN CO, LTD. FANTSY - Broken Access Control | FANTSY | CWE-863 | 9.8 | Critical | 2023-06-02 |
| CVE-2023-28701 | ELITE Web Fax - SQL Injection | Web Fax | CWE-89 | 9.8 | Critical | 2023-06-02 |
| CVE-2023-28704 | Furbo dog camera - Command Injection | dog camera firmware | CWE-78 | 8.8 | High | 2023-06-02 |
| CVE-2023-30602 | Hitron Technologies Inc. CODA-5310 - Insecure service Telnet | Hitron CODA-5310 | CWE-319 | 7.5 | High | 2023-06-02 |
| CVE-2023-30603 | Hitron Technologies Inc. CODA-5310 - Using default credentials | Hitron CODA-5310 | CWE-1392 | 9.8 | Critical | 2023-06-02 |
| CVE-2023-34362 | MoveIT SQL Injection Vulnerability | n/a | - | 9.8 | - | 2023-06-02 |
| CVE-2023-32706 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication | Splunk Enterprise | CWE-611 | 7.7 | High | 2023-06-01 |
| CVE-2023-34092 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | vite | CWE-50 | 7.5 | High | 2023-06-01 |
| CVE-2023-29159 | Starlette Path Traversal Vulnerability | Starlette | - | 7.5 | - | 2023-06-01 |
| CVE-2023-2758 | Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service | CONPROSYS HMI System | CWE-799 | 3.7 | Low | 2023-05-31 |
| CVE-2023-25539 | Dell NetWorker OS Command Injection Vulnerability | NetWorker NVE | CWE-94 | 8.4 | High | 2023-05-31 |
| CVE-2023-2987 | Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature | Wordapp | CWE-345 | 9.8 | Critical | 2023-05-31 |
| CVE-2023-2549 | WordPress Plugin Feather Login Page Feather Login Page Cross-Site Request Forgery Vulnerability | Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha | - | 8.8 | High | 2023-05-31 |
| CVE-2023-33507 | Kramer VIA GO² Security Vulnerability | n/a | - | 7.5 | - | 2023-05-31 |
| CVE-2023-33508 | Kramer VIA GO² Code Issue Vulnerability | n/a | - | 9.8 | - | 2023-05-31 |
| CVE-2021-45039 | Uniview IP Camera Security Vulnerability | n/a | - | 9.8 | - | 2023-05-31 |
| CVE-2023-20884 | VMware Identity Manager Input Validation Error Vulnerability | VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) | - | 6.1 | Medium | 2023-05-30 |
| CVE-2023-0733 | Newsletter Popup <= 1.2 - Unauthenticated Stored XSS | Newsletter Popup | - | 6.1 | - | 2023-05-30 |
| CVE-2023-28344 | Faronics Insight Security Vulnerability | n/a | - | 7.5 | - | 2023-05-30 |

Vulnerabilities classified as access:pre-auth represent 19357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.