Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19358

19358 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-21925 Oracle Health Sciences Applications 安全漏洞 — Health Sciences InForm 5.3 Medium2023-04-18
CVE-2023-21926 Oracle Health Sciences Applications 安全漏洞 — Health Sciences InForm 5.5 Medium2023-04-18
CVE-2023-21922 Oracle Health Sciences Applications 安全漏洞 — Health Sciences InForm 6.8 Medium2023-04-18
CVE-2023-21916 Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 — PeopleSoft Enterprise PT PeopleTools 5.3 Medium2023-04-18
CVE-2023-21912 Oracle MySQL 安全漏洞 — MySQL Server 7.5 High2023-04-18
CVE-2023-2120 Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting — Thumbnail carousel sliderCWE-79 6.1 Medium2023-04-18
CVE-2023-2119 Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting — Responsive Filterable PortfolioCWE-79 6.1 Medium2023-04-18
CVE-2023-28959 Junos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets — Junos OSCWE-703 6.5 Medium2023-04-17
CVE-2023-28962 Junos OS: Unauthenticated access vulnerability in J-Web — Junos OSCWE-287 5.3 Medium2023-04-17
CVE-2023-28963 Junos OS: User-controlled input vulnerability in J-Web — Junos OSCWE-287 5.3 Medium2023-04-17
CVE-2023-28964 Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash — Junos OSCWE-130 7.5 High2023-04-17
CVE-2023-28967 Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash — Junos OS 7.5 High2023-04-17
CVE-2023-28968 Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open — Junos OSCWE-1325 5.3 Medium2023-04-17
CVE-2023-28974 Junos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from subscribers the process bbe-smgd will crash — Junos OSCWE-754 7.4 High2023-04-17
CVE-2023-28975 Junos OS: The kernel will crash when certain USB devices are inserted — Junos OSCWE-394 4.6 Medium2023-04-17
CVE-2023-28976 Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash — Junos OSCWE-754 7.5 High2023-04-17
CVE-2023-28978 Junos OS Evolved: Read access to some confidential user information is possible — Junos OS EvolvedCWE-1188 5.3 Medium2023-04-17
CVE-2023-28979 Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails — Junos OSCWE-754 4.7 Medium2023-04-17
CVE-2023-28981 Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash — Junos OSCWE-20 6.5 Medium2023-04-17
CVE-2023-28982 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur — Junos OSCWE-401 7.5 High2023-04-17
CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality — Now PlatformCWE-79 6.1 Medium2023-04-17
CVE-2023-1697 Junos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed ethernet frame is received — Junos OSCWE-230 6.5 Medium2023-04-17
CVE-2023-2027 ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass — ZM Ajax Login & RegisterCWE-288 9.8 Critical2023-04-15
CVE-2020-29007 LilyPond 代码注入漏洞 — n/a 9.8 -2023-04-15
CVE-2023-1617 Improper Authentication Mechanism in B&R VC4 Visualization — B&R VC4CWE-287 9.8 Critical2023-04-14
CVE-2023-1285 Mitsubishi Electric GC-ENET-COM 竞争条件问题漏洞 — GC-ENET-COMCWE-364 7.5 High2023-04-14
CVE-2022-45175 LIVEBOX Collaboration vDesk 安全漏洞 — n/a 6.5 -2023-04-14
CVE-2023-25597 Mitel MiCollab 授权问题漏洞 — n/a 5.3 -2023-04-14
CVE-2023-30521 Jenkins Plugin Assembla merge request builder 安全漏洞 — Jenkins Assembla merge request builder Plugin 7.5 -2023-04-12
CVE-2023-30519 Jenkins Plugin Quay.io trigger 安全漏洞 — Jenkins Quay.io trigger Plugin 7.5 -2023-04-12

Vulnerabilities classified as access:pre-auth represent 19358 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.