Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19393

19393 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-29056 Fortinet FortiMail 安全漏洞 — FortiMailCWE-307 3.5 Low2023-03-09
CVE-2023-20049 Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-805 8.6 High2023-03-09
CVE-2023-20064 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability — Cisco IOS XR SoftwareCWE-862 4.6 Medium2023-03-09
CVE-2022-46752 Dell BIOS 安全漏洞 — CPG BIOSCWE-285 4.6 Medium2023-03-08
CVE-2022-20929 Cisco Enterprise NFV Infrastructure Software 数据伪造问题漏洞 — Cisco Enterprise NFV Infrastructure SoftwareCWE-347 7.8 High2023-03-08
CVE-2023-22889 Zephyr 代码注入漏洞 — n/a 9.8 -2023-03-08
CVE-2023-22890 Zephyr 代码问题漏洞 — n/a 7.5 -2023-03-08
CVE-2023-22892 Zephyr 安全漏洞 — n/a 7.5 -2023-03-08
CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure — CMP – Coming Soon & Maintenance Plugin by NiteoThemesCWE-200 5.3 Medium2023-03-07
CVE-2022-41329 Fortinet FortiProxy 信息泄露漏洞 — FortiProxyCWE-200 5.2 Medium2023-03-07
CVE-2022-41333 Fortinet FortiRecorder 资源管理错误漏洞 — FortiRecorderCWE-400 6.8 High2023-03-07
CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation — WP Statistics – Simple, privacy-friendly Google Analytics alternativeCWE-352 6.5 Medium2023-03-07
CVE-2020-36669 JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload — JetBackup – Backup, Restore & MigrateCWE-352 8.8 High2023-03-07
CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload — WooCommerce Checkout Field Manager 9.8 -2023-03-06
CVE-2023-22858 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 — BlogEngine.NETCWE-862 5.3 Medium2023-03-06
CVE-2023-0968 Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting — Watu QuizCWE-79 6.1 Medium2023-03-03
CVE-2023-0457 Information Disclosure Vulnerability in MELSEC Series — MELSEC iQ-F Series FX5U-32MT/ESCWE-256 7.5 High2023-03-03
CVE-2022-41862 PostgreSQL 安全漏洞 — postgresqlCWE-200 3.7 -2023-03-03
CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities — Cisco IP Phones with Multiplatform FirmwareCWE-121 9.8 Critical2023-03-03
CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities — Cisco IP Phones with Multiplatform FirmwareCWE-121 9.8 Critical2023-03-03
CVE-2023-20088 Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability — Cisco Unified Contact Center EnterpriseCWE-285 5.3 Medium2023-03-03
CVE-2023-20104 Cisco Webex App for Web Cross-Site Scripting Vulnerability — Cisco Webex TeamsCWE-79 6.1 Medium2023-03-03
CVE-2023-26052 Saleor is vulnerable to unauthenticated information disclosure via Python exceptions — saleorCWE-209 3.7 Low2023-03-02
CVE-2023-0084 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-79 7.2 High2023-03-02
CVE-2023-0085 Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-693 5.3 Medium2023-03-02
CVE-2023-0656 SonicWALL SonicOS 缓冲区错误漏洞 — SonicOSCWE-121 7.5 -2023-03-02
CVE-2023-23689 Dell PowerScale OneFS 资源管理错误漏洞 — PowerScale OneFSCWE-400 5.3 Medium2023-02-28
CVE-2023-22757 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central 8.1 High2023-02-28
CVE-2023-22756 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central 8.1 High2023-02-28
CVE-2023-22755 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central 8.1 High2023-02-28

Vulnerabilities classified as access:pre-auth represent 19393 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.