Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19389

19389 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-20151 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities — Cisco Small Business RV Series Router FirmwareCWE-79 6.1 Medium2023-04-05
CVE-2023-28639 GLPI vulnerable to reflected Cross-site Scripting in search pages — glpiCWE-79 6.1 Medium2023-04-05
CVE-2023-20051 Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability — Cisco ASR 5000 Series SoftwareCWE-400 5.8 Medium2023-04-05
CVE-2023-20068 Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability — Cisco Prime InfrastructureCWE-79 6.1 -2023-04-05
CVE-2023-20073 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability — Cisco Small Business RV Series Router FirmwareCWE-434 5.3 Medium2023-04-05
CVE-2023-1748 CVE-2023-1748 — Smart Alarm NXAL-100 9.3 Critical2023-04-04
CVE-2023-0325 Uvdesk 跨站脚本漏洞 — Uvdesk 6.1 -2023-04-04
CVE-2023-0357 Helpy 跨站脚本漏洞 — Helpy 6.1 -2023-04-04
CVE-2023-0480 VitalPBX 跨站请求伪造漏洞 — VitalPBX 8.8 -2023-04-04
CVE-2023-0486 VitalPBX 跨站脚本漏洞 — VitalPBX 6.1 -2023-04-04
CVE-2023-1671 Sophos Web Appliance 命令注入漏洞 — Sophos Web Appliance 9.8 Critical2023-04-04
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX — Apache James serverCWE-862 7.8 -2023-04-03
CVE-2023-23594 SATO America CL4NX 安全漏洞 — n/a 9.8 -2023-03-31
CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla — Newsletter Plugin for Joomla in the Enterprise version CWE-20 7.2 High2023-03-30
CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla — Newsletter Plugin for Joomla in the Enterprise versionCWE-20 9.8 Critical2023-03-30
CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion) — GMAceCWE-352 8.8 High2023-03-29
CVE-2020-14140 Xiaomi router 访问控制错误漏洞 — Xiaomi Multiple Devices 7.5 -2023-03-29
CVE-2023-26968 AtroCore 代码问题漏洞 — n/a 9.8 -2023-03-29
CVE-2023-28712 CVE-2023-28712 — Osprey Pump Controller 8.2 High2023-03-28
CVE-2023-28398 CVE-2023-28398 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-27394 CVE-2023-27394 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-27886 CVE-2023-27886 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-28375 CVE-2023-28375 — Osprey Pump Controller 7.5 High2023-03-28
CVE-2022-45460 Xiongmai NVR devices 缓冲区错误漏洞 — n/a 9.1 -2023-03-28
CVE-2023-28650 CVE-2023-28650 — EY-AS525F001 with moduWeb 6.1 -2023-03-27
CVE-2023-22300 CVE-2023-22300 — EY-AS525F001 with moduWeb 5.4 -2023-03-27
CVE-2023-1140 CVE-2023-1140 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2023-1136 CVE-2023-1136 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2023-1133 CVE-2023-1133 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2022-47925 Insufficient Input Validation in the Endpoint of the csaf-validator-service — csaf-validator-serviceCWE-20 7.5 High2023-03-27

Vulnerabilities classified as access:pre-auth represent 19389 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.