access:pre-auth — CVE vulnerabilities tagged 19393

19393 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-1172 | WordPress Plugin Bookly cross-site scripting vulnerability — WordPress Online Booking and Scheduling Plugin – Bookly | 7.2 | High | 2023-03-17 |
| CVE-2021-21548 | Dell EMC Unisphere for PowerMax trust management issue vulnerability — Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, PowerMax OS CWE-295 | 7.4 | High | 2023-03-17 |
| CVE-2023-1256 | CVE-2023-1256 — AVEVA Plant SCADA | 9.8 | Critical | 2023-03-16 |
| CVE-2023-1431 | WordPress Plugin WP Simple Shopping Cart information disclosure vulnerability — WordPress Simple Shopping Cart | 5.3 | Medium | 2023-03-16 |
| CVE-2023-28096 | OpenSIPS has memory leak in cJSON lib — opensips CWE-401 | 4.5 | Medium | 2023-03-15 |
| CVE-2023-28461 | Array Networks ArrayOS AG authorization issue vulnerability — n/a | 9.8 | - | 2023-03-15 |
| CVE-2023-1389 | TP-LINK Archer AX21 command injection vulnerability — TP-Link Archer AX21 (AX1800) | 8.8 | - | 2023-03-15 |
| CVE-2023-25589 | Unauthenticated Arbitrary User Creation Leads to Complete System Compromise — Aruba ClearPass Policy Manager | 9.8 | Critical | 2023-03-14 |
| CVE-2023-25957 | Siemens Mendix SAML Module authorization issue vulnerability — Mendix SAML (Mendix 7 compatible) CWE-303 | 9.1 | Critical | 2023-03-14 |
| CVE-2023-27498 | Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL) — Host Agent (SAPOSCOL) CWE-121 | 7.2 | High | 2023-03-14 |
| CVE-2023-27268 | Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) — NetWeaver AS Java (Object Analyzing Service) CWE-284 | 5.3 | Medium | 2023-03-14 |
| CVE-2023-23857 | Improper Access Control in SAP NetWeaver AS for Java — NetWeaver AS for Java CWE-287 | 9.9 | Critical | 2023-03-14 |
| CVE-2023-0021 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver — SAP NetWeaver CWE-79 | 6.1 | Medium | 2023-03-14 |
| CVE-2023-1327 | NETGEAR RAX30 authorization issue vulnerability — Netgear RAX30 (AX2400) | 9.8 | - | 2023-03-14 |
| CVE-2023-0349 | CVE-2023-0349 — E11 | 7.5 | High | 2023-03-13 |
| CVE-2023-0352 | CVE-2023-0352 — E11 | 9.1 | Critical | 2023-03-13 |
| CVE-2023-0037 | 10WebMapBuilder < 1.0.73 - Unauthenticated SQLi — 10Web Map Builder for Google Maps | 9.8 | - | 2023-03-13 |
| CVE-2023-1372 | WH Testimonials <= 3.0.0 - Unauthenticated Stored Cross-Site Scripting — WH Testimonials CWE-79 | 7.2 | High | 2023-03-13 |
| CVE-2023-1346 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1345 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1344 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1343 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1342 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1341 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2023-1340 | RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs' — RapidLoad AI – Optimize Web Vitals Automatically CWE-352 | 4.3 | Medium | 2023-03-10 |
| CVE-2021-27788 | HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability — Verse | 8.3 | High | 2023-03-10 |
| CVE-2022-44574 | Avalanche authorization issue vulnerability — Ivanti Avalanche CWE-287 | 7.5 | - | 2023-03-10 |
| CVE-2023-25573 | Improper access control to download file in metersphere — metersphere CWE-862 | 8.6 | High | 2023-03-09 |
| CVE-2023-26209 | Fortinet FortiDeceptor security vulnerability — FortiDeceptor CWE-307 | 3.5 | Low | 2023-03-09 |
| CVE-2023-26208 | Fortinet FortiAuthenticator security vulnerability — FortiAuthenticator CWE-307 | 3.5 | Low | 2023-03-09 |

Vulnerabilities classified as access:pre-auth represent 19393 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.