Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-28712 CVE-2023-28712 — Osprey Pump Controller 8.2 High2023-03-28
CVE-2023-28398 CVE-2023-28398 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-27394 CVE-2023-27394 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-27886 CVE-2023-27886 — Osprey Pump Controller 9.8 Critical2023-03-28
CVE-2023-28375 CVE-2023-28375 — Osprey Pump Controller 7.5 High2023-03-28
CVE-2022-45460 Xiongmai NVR devices 缓冲区错误漏洞 — n/a 9.1 -2023-03-28
CVE-2023-28650 CVE-2023-28650 — EY-AS525F001 with moduWeb 6.1 -2023-03-27
CVE-2023-22300 CVE-2023-22300 — EY-AS525F001 with moduWeb 5.4 -2023-03-27
CVE-2023-1140 CVE-2023-1140 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2023-1136 CVE-2023-1136 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2023-1133 CVE-2023-1133 — InfraSuite Device Master 9.8 Critical2023-03-27
CVE-2022-47925 Insufficient Input Validation in the Endpoint of the csaf-validator-service — csaf-validator-serviceCWE-20 7.5 High2023-03-27
CVE-2022-39043 Juiker app - Information Leakage — Juiker appCWE-200 2.4 Low2023-03-27
CVE-2022-41354 Argo CD 安全漏洞 — n/a 5.3 -2023-03-27
CVE-2023-22247 Adobe Commerce XML Injection Arbitrary file system read — Magento CommerceCWE-91 7.5 High2023-03-27
CVE-2023-24838 HGiga PowerStation - Information Leakage — PowerStationCWE-200 9.8 Critical2023-03-27
CVE-2023-24839 HGiga MailSherlock - Reflected XSS — MailSherlockCWE-79 6.1 Medium2023-03-27
CVE-2023-24842 HGiga MailSherlock - Broken Access Control — MailSherlockCWE-639 5.3 Medium2023-03-27
CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload — HGiga OAKloudsCWE-434 9.8 Critical2023-03-27
CVE-2023-20107 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-332 7.5 -2023-03-23
CVE-2023-20112 Cisco Access Point Software Association Request Denial of Service Vulnerability — Cisco Aironet Access Point SoftwareCWE-126 7.4 High2023-03-23
CVE-2023-20113 Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability — Cisco SD-WAN vManageCWE-352 6.5 Medium2023-03-23
CVE-2023-28470 Couchbase Server 访问控制错误漏洞 — n/a 5.3 -2023-03-23
CVE-2023-20027 Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-416 8.6 High2023-03-23
CVE-2023-20067 Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-770 7.4 High2023-03-23
CVE-2023-20072 Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-20 8.6 High2023-03-23
CVE-2023-20080 Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability — Cisco IOSCWE-129 8.6 High2023-03-23
CVE-2023-20081 Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability — Cisco IOSCWE-122 6.8 Medium2023-03-23
CVE-2023-20082 Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability — Cisco IOS XE ROMMON SoftwareCWE-78 6.1 Medium2023-03-23
CVE-2023-20100 Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-694 6.8 Medium2023-03-23

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.