Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-41710 Use of Hard-coded Credentials in power analyzer — UMG 96RM-E 24V(5222063)CWE-798 6.5 Medium2026-03-10
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU — UMG 96RM-E 24V(5222063)CWE-78 9.8 Critical2026-03-10
CVE-2026-0953 Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login — Tutor LMS ProCWE-287 9.8 Critical2026-03-10
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2026-24317 DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT — SAP GUI for Windows with active GuiXTCWE-427 5.0 Medium2026-03-10
CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) — SAP Business One (Job Service)CWE-79 6.1 Medium2026-03-10
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure — AVideoCWE-306 5.3AIMediumAI2026-03-09
CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection — budibaseCWE-74 9.1 Critical2026-03-09
CVE-2026-3814 UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow — HiPER 810GCWE-120 8.8 High2026-03-09
CVE-2026-3813 opencc JFlow WF_CCForm.java Calculate injection — JFlowCWE-74 6.3 Medium2026-03-09
CVE-2025-41772 wwwupdate.cgi Session token in URL — UBR-01 Mk IICWE-598 7.5 High2026-03-09
CVE-2025-41762 Secret leak with wwwdnload.cgi — UBR-01 Mk IICWE-328 6.2 Medium2026-03-09
CVE-2026-3823 Atop Technologies|EHG2408 series switch - Stack-based Buffer Overflow — EHG2408CWE-121 8.8 High2026-03-09
CVE-2026-3822 Taipower|Taipower APP(Android) - Improper Certificate Validation — Taipower APPCWE-295 6.5 Medium2026-03-09
CVE-2026-30140 Tenda W15E 安全漏洞 — n/a 9.8AICriticalAI2026-03-09
CVE-2025-70973 Sensorweb ScadaBR 安全漏洞 — n/a 8.8AIHighAI2026-03-09
CVE-2026-3725 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine — SmartAdminCWE-1336 6.3 Medium2026-03-08
CVE-2026-3701 H3C Magic B1 aspForm Edit_BasicSSID_5G buffer overflow — Magic B1CWE-120 8.8 High2026-03-08
CVE-2026-3704 Wavlink NU516U1 Incomplete Fix CVE-2025-10959 firewall.cgi sub_405B2C command injection — NU516U1CWE-77 4.7 Medium2026-03-08
CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow — ICG-2510CWE-121 6.3 Medium2026-03-08
CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection — N300RHCWE-78 7.3 High2026-03-08
CVE-2026-3682 welovemedia FFmate ffmpeg.go Execute argument injection — FFmateCWE-88 6.3 Medium2026-03-07
CVE-2026-3679 Tenda FH451 QuickIndex formQuickIndex stack-based overflow — FH451CWE-121 8.8 High2026-03-07
CVE-2026-30861 WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation — WeKnoraCWE-78 10.0 Critical2026-03-07
CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool — WeKnoraCWE-89 10.0 Critical2026-03-07
CVE-2026-30858 WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources — WeKnoraCWE-918 6.5 Medium2026-03-07
CVE-2026-30855 WeKnora: Broken Access Control in Tenant Management — WeKnoraCWE-284 8.8 High2026-03-07
CVE-2026-30854 Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled — parse-serverCWE-863 5.3 -2026-03-07
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory — parse-serverCWE-22 7.5 -2026-03-07

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.