Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19378

19378 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-24527 Improper Access Control in SAP NetWeaver AS Java for Deploy Service — NetWeaver AS Java for Deploy ServiceCWE-306 5.3 Medium2023-04-11
CVE-2023-25413 ATEN International PE8108 安全漏洞 — n/a 7.5 -2023-04-11
CVE-2023-25415 ATEN International PE8108 安全漏洞 — n/a 5.3 -2023-04-11
CVE-2023-27520 Epson printer 跨站请求伪造漏洞 — SEIKO EPSON printers/network interface Web Config 7.1 -2023-04-11
CVE-2023-28341 Zoho ManageEngine Applications Manager 跨站脚本漏洞 — n/a 6.1 -2023-04-11
CVE-2023-1927 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1926 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1925 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1924 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1923 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1922 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1921 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1920 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1919 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1918 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback' — WP Fastest Cache – WordPress Cache PluginCWE-352 4.3 Medium2023-04-06
CVE-2023-1912 Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting — Limit Login AttemptsCWE-79 7.2 High2023-04-06
CVE-2023-25542 Dell Trusted Device Agent 访问控制错误漏洞 — Dell Trusted Device ClientCWE-276 7.0 High2023-04-06
CVE-2023-28500 Adobe LiveCycle ES4 代码问题漏洞 — n/a 9.8 -2023-04-06
CVE-2023-29473 Atos Unify OpenScape 4000 命令注入漏洞 — n/a 9.8 Critical2023-04-06
CVE-2023-29474 Atos Unify OpenScape 4000 命令注入漏洞 — n/a 9.8 Critical2023-04-06
CVE-2023-29475 Atos Unify OpenScape 4000 命令注入漏洞 — n/a 9.8 Critical2023-04-06
CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation — NomadCWE-862 10.0 Critical2023-04-05
CVE-2022-4941 WCFM Membership <= 2.9.10 - Cross-Site Request Forgery — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-352 6.3 Medium2023-04-05
CVE-2022-4940 WCFM Membership <= 2.10.0 - Missing Authorization — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-862 7.3 High2023-04-05
CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-862 9.8 Critical2023-04-05
CVE-2022-4938 WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery — WCFM – Frontend Manager for WooCommerceCWE-352 6.3 Medium2023-04-05
CVE-2022-4936 WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-352 6.3 Medium2023-04-05
CVE-2023-1871 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset — YourChannel: Everything you want in a YouTube plugin.CWE-352 5.4 Medium2023-04-05
CVE-2023-1870 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update — YourChannel: Everything you want in a YouTube plugin.CWE-352 4.3 Medium2023-04-05
CVE-2023-1868 YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset — YourChannel: Everything you want in a YouTube plugin.CWE-862 6.5 Medium2023-04-05

Vulnerabilities classified as access:pre-auth represent 19378 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.