Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19355

19355 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-24627 AudioCodes Device Manager Express SQL注入漏洞 — n/a 9.8 -2023-05-29
CVE-2023-30570 Libreswan 资源管理错误漏洞 — n/a 7.5 -2023-05-28
CVE-2023-32315 Openfire administration console authentication bypass — OpenfireCWE-22 8.6 High2023-05-26
CVE-2023-2825 GitLab 路径遍历漏洞 — GitLab 10.0 Critical2023-05-26
CVE-2023-33247 Talend Data Catalog 安全漏洞 — n/a 9.8 -2023-05-26
CVE-2023-2732 MStore API <= 3.9.2 - Authentication Bypass — MStore API – Create Native Android & iOS Apps On The CloudCWE-288 9.8 Critical2023-05-25
CVE-2023-2733 MStore API <= 3.9.0 - Authentication Bypass — MStore API – Create Native Android & iOS Apps On The CloudCWE-288 9.8 Critical2023-05-25
CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass — MStore API – Create Native Android & iOS Apps On The CloudCWE-288 9.8 Critical2023-05-25
CVE-2023-28370 Tornado 输入验证错误漏洞 — Tornado 6.1 -2023-05-25
CVE-2023-1424 Denial-of-Service and Remote Code Execution Vulnerability in MELSEC Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-120 10.0 Critical2023-05-24
CVE-2023-25598 Mitel MiVoice Connect 跨站脚本漏洞 — n/a 6.1 -2023-05-24
CVE-2023-25599 Mitel MiVoice Connect 跨站脚本漏洞 — n/a 6.1 -2023-05-24
CVE-2023-31457 Mitel MiVoice Connect 安全漏洞 — n/a 8.8 -2023-05-24
CVE-2023-31458 Mitel MiVoice Connect 安全漏洞 — n/a 8.8 -2023-05-24
CVE-2023-31459 Mitel MiVoice Connect 授权问题漏洞 — n/a 8.8 -2023-05-24
CVE-2023-31595 IC Realtime ICIP-P2012T 安全漏洞 — n/a 9.8 -2023-05-24
CVE-2023-33009 Zyxel ATP 安全漏洞 — ATP series firmwareCWE-120 9.8 Critical2023-05-24
CVE-2023-33010 Zyxel ATP 安全漏洞 — ATP series firmwareCWE-120 9.8 Critical2023-05-24
CVE-2023-33796 NetBox 安全漏洞 — n/a 7.5 -2023-05-24
CVE-2023-23545 ESPEC MIC 多款产品访问控制错误漏洞 — T&D Corporation and ESPEC MIC CORP. data logger products 9.1 -2023-05-23
CVE-2023-27387 ESPEC MIC多款产品跨站请求伪造漏洞 — T&D Corporation and ESPEC MIC CORP. data logger products 8.3 -2023-05-23
CVE-2023-27388 ESPEC MIC多款产品授权问题漏洞 — T&D Corporation and ESPEC MIC CORP. data logger products 9.8 -2023-05-23
CVE-2023-27922 WordPress plugin Newsletter 跨站脚本漏洞 — Newsletter 6.1 -2023-05-23
CVE-2023-28408 WordPress plugin MW WP Form 路径遍历漏洞 — MW WP Form 6.5 -2023-05-23
CVE-2023-28409 WordPress plugin MW WP Form 代码问题漏洞 — MW WP Form 9.8 -2023-05-23
CVE-2023-28413 WordPress plugin Snow Monkey Forms 路径遍历漏洞 — Snow Monkey Forms 9.8 -2023-05-23
CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-639 9.8 Critical2023-05-20
CVE-2023-2717 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins — Groundhogg — CRM, Newsletters, and Marketing AutomationCWE-352 5.4 Medium2023-05-20
CVE-2023-1618 Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module — MELSEC WS Series WS0-GETH00200CWE-489 7.5 High2023-05-19
CVE-2023-2704 BP Social Connect <= 1.5 - Authentication Bypass — BP Social ConnectCWE-288 9.8 Critical2023-05-19

Vulnerabilities classified as access:pre-auth represent 19355 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.