Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19366

19366 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure — Active Directory Integration / LDAP Integration 7.5 -2023-05-15
CVE-2023-2180 KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download — KIWIZ Invoices Certification & PDF System 9.8 -2023-05-15
CVE-2023-0600 WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi — WP Visitor Statistics (Real Time Traffic) 9.8 -2023-05-15
CVE-2022-4048 CODESYS V3 prone to Inadequate Encryption Stregth — CODESYS Development System V3CWE-326 7.7 High2023-05-15
CVE-2023-1698 WAGO: WBM Command Injection in multiple products — Compact Controller CC100CWE-78 9.8 Critical2023-05-15
CVE-2023-1934 SDG Technologies PnPSCADA SQL注入漏洞 — PnPSCADACWE-89 9.8 Critical2023-05-12
CVE-2023-23444 SICK Flexi Classic 访问控制错误漏洞 — UE410-EN3 FLEXI ETHERNET GATEW. 7.5 High2023-05-12
CVE-2023-1096 NetApp SnapCenter 安全漏洞 — SnapCenter 9.8 -2023-05-12
CVE-2023-28359 Rocket.Chat SQL注入漏洞 — Rocket.ChatCWE-89 9.4 -2023-05-11
CVE-2023-31151 Improper Certificate Validation — SEL-3505CWE-295 4.7 Medium2023-05-10
CVE-2022-41985 Weston Embedded uC-FTPs 授权问题漏洞 — uC-FTPsCWE-303 8.6 High2023-05-10
CVE-2023-27298 Intel WULT software 代码问题漏洞 — WULT software maintained by Intel(R) 8.8 High2023-05-10
CVE-2022-41646 Intel IPP Cryptography software 安全漏洞 — Intel(R) IPP Cryptography software 4.7 Medium2023-05-10
CVE-2023-22441 Seiko Solutions SkyBridge 访问控制错误漏洞 — SkyBridge MB-A200 and SkyBridge BASIC MB-A130 9.8 -2023-05-10
CVE-2023-23578 Seiko Solutions SkyBridge 安全漏洞 — SkyBridge MB-A200 9.8 -2023-05-10
CVE-2023-23901 Seiko Solutions SkyBridge 信任管理问题漏洞 — SkyBridge MB-A200 and SkyBridge BASIC MB-A130 6.5 -2023-05-10
CVE-2023-23906 Seiko Solutions SkyBridge 访问控制错误漏洞 — SkyBridge MB-A100/110 9.8 -2023-05-10
CVE-2023-25070 Seiko Solutions SkyBridge 安全漏洞 — SkyBridge MB-A100/110 9.8 -2023-05-10
CVE-2023-25072 Seiko Solutions SkyBridge 安全漏洞 — SkyBridge MB-A100/110 9.8 -2023-05-10
CVE-2023-25184 Seiko Solutions SkyBridge 安全漏洞 — SkyBridge MB-A200, SkyBridge BASIC MB-A130, and SkySpider MB-R210 9.8 -2023-05-10
CVE-2023-27510 Jubei JB inquiry form 安全漏洞 — JB Inquiry form 7.5 -2023-05-10
CVE-2023-27889 WordPress plugin LIQUID SPEECH BALLOON 跨站请求伪造漏洞 — LIQUID SPEECH BALLOON 8.8 -2023-05-10
CVE-2023-27918 WordPress plugin Appointment and Event Booking Calendar for WordPress 跨站脚本漏洞 — Appointment and Event Booking Calendar for WordPress - Amelia 6.1 -2023-05-10
CVE-2023-27919 NEXT ENGINE Integration Plugin 授权问题漏洞 — NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) 7.5 -2023-05-10
CVE-2023-30353 Tenda CP3 命令注入漏洞 — n/a 9.8 -2023-05-10
CVE-2022-36330 Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices — My Cloud Home and My Cloud Home DuoCWE-120 1.9 Low2023-05-09
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-79 6.1 Medium2023-05-09
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-79 6.1 Medium2023-05-09
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2023-05-09
CVE-2023-29107 Siemens SIMATIC Cloud Connect 安全漏洞 — SIMATIC Cloud Connect 7 CC712CWE-552 5.3 Medium2023-05-09

Vulnerabilities classified as access:pre-auth represent 19366 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.