
access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-36330 | Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices — My Cloud Home and My Cloud Home Duo (CWE-120) | 1.9 | Low | 2023-05-09 |
| CVE-2023-25831 | BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. — Portal for ArcGIS (CWE-79) | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25830 | BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS — Portal for ArcGIS (CWE-79) | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25829 | BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. — Portal for ArcGIS (CWE-601) | 6.1 | Medium | 2023-05-09 |
| CVE-2023-29107 | Siemens SIMATIC Cloud Connect security vulnerability — SIMATIC Cloud Connect 7 CC712 (CWE-552) | 5.3 | Medium | 2023-05-09 |
| CVE-2023-29106 | Siemens SIMATIC Cloud Connect information disclosure vulnerability — SIMATIC Cloud Connect 7 CC712 (CWE-200) | 5.3 | Medium | 2023-05-09 |
| CVE-2023-31406 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform (CWE-79) | 6.1 | Medium | 2023-05-09 |
| CVE-2023-30744 | Improper access control during application start-up in SAP AS NetWeaver JAVA. — SAP AS NetWeaver JAVA (CWE-306) | 8.2 | High | 2023-05-09 |
| CVE-2023-30741 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform (CWE-79) | 6.1 | Medium | 2023-05-09 |
| CVE-2023-28764 | Information Disclosure vulnerability in SAP BusinessObjects Platform — SAP BusinessObjects Platform (CWE-522) | 3.7 | Low | 2023-05-09 |
| CVE-2023-2156 | Linux kernel security vulnerability — Linux kernel (RPL protocol) (CWE-617) | 7.5 | - | 2023-05-09 |
| CVE-2023-22787 | Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 7.5 | High | 2023-05-08 |
| CVE-2023-22786 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22785 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22784 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22783 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22782 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22781 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22780 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22779 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-1650 | ChatBot < 4.4.7 - Unauthenticated PHP Object Injection — AI ChatBot | 9.8 | - | 2023-05-08 |
| CVE-2023-1660 | ChatBot < 4.4.9 - Unauthenticated Stored XSS — AI ChatBot | 6.1 | - | 2023-05-08 |
| CVE-2023-0421 | Cloud Manager <= 1.0 - Reflected XSS — Cloud Manager | 6.1 | - | 2023-05-08 |
| CVE-2023-23523 | Apple iOS and iPadOS security vulnerability — macOS | 4.0 | - | 2023-05-08 |
| CVE-2017-20184 | Carlo Gavazzi Powersoft prone to Path Traversal — Powersoft (CWE-22) | 7.5 | High | 2023-05-04 |
| CVE-2023-20126 | Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability — Cisco Small Business IP Phones (CWE-306) | 9.8 | Critical | 2023-05-04 |
| CVE-2022-45860 | Fortinet FortiNAC authorization issue vulnerability — FortiNAC (CWE-1390) | 5.0 | Medium | 2023-05-03 |
| CVE-2022-43950 | Fortinet FortiNAC input validation error vulnerability — FortiNAC (CWE-601) | 3.9 | Medium | 2023-05-03 |
| CVE-2023-1730 | SupportCandy < 3.1.5 - Unauthenticated SQLi — SupportCandy | 9.8 | - | 2023-05-02 |
| CVE-2022-48482 | 3CX path traversal vulnerability — n/a | 7.5 | - | 2023-05-02 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.