Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19356

19356 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-2704 BP Social Connect <= 1.5 - Authentication Bypass — BP Social ConnectCWE-288 9.8 Critical2023-05-19
CVE-2023-20156 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20157 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20158 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20159 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20160 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20161 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20162 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20189 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-20003 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability — Cisco Business Wireless Access Point SoftwareCWE-288 4.7 Medium2023-05-18
CVE-2023-20024 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities — Cisco Small Business Smart and Managed SwitchesCWE-120 8.6 High2023-05-18
CVE-2023-2745 WordPress Core < 6.2.1 - Directory Traversal — WordPressCWE-22 5.4 Medium2023-05-17
CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection — Multiple Page Generator Plugin – MPGCWE-352 3.1 Low2023-05-17
CVE-2023-2706 OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation — OTP Login & Register WoocommerceCWE-287 8.1 High2023-05-17
CVE-2023-2528 Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action — Contact Form by SupsysticCWE-352 5.4 Medium2023-05-16
CVE-2023-28076 Dell CloudLink 加密问题漏洞 — CloudLinkCWE-327 5.9 Medium2023-05-16
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-288 9.8 Critical2023-05-16
CVE-2023-2710 video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting — video carousel slider with lightboxCWE-79 6.1 Medium2023-05-16
CVE-2023-2708 Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting — Video GalleryCWE-79 6.1 Medium2023-05-16
CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload — Bit Form 9.8 -2023-05-15
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure — Active Directory Integration / LDAP Integration 7.5 -2023-05-15
CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download — KIWIZ Invoices Certification & PDF System 9.8 -2023-05-15
CVE-2023-0600 WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi — WP Visitor Statistics (Real Time Traffic) 9.8 -2023-05-15
CVE-2022-4048 CODESYS V3 prone to Inadequate Encryption Stregth — CODESYS Development System V3CWE-326 7.7 High2023-05-15
CVE-2023-1698 WAGO: WBM Command Injection in multiple products — Compact Controller CC100CWE-78 9.8 Critical2023-05-15
CVE-2023-1934 SDG Technologies PnPSCADA SQL注入漏洞 — PnPSCADACWE-89 9.8 Critical2023-05-12
CVE-2023-23444 SICK Flexi Classic 访问控制错误漏洞 — UE410-EN3 FLEXI ETHERNET GATEW. 7.5 High2023-05-12
CVE-2023-1096 NetApp SnapCenter 安全漏洞 — SnapCenter 9.8 -2023-05-12
CVE-2023-28359 Rocket.Chat SQL注入漏洞 — Rocket.ChatCWE-89 9.4 -2023-05-11
CVE-2023-31151 Improper Certificate Validation — SEL-3505CWE-295 4.7 Medium2023-05-10

Vulnerabilities classified as access:pre-auth represent 19356 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.