access:pre-auth — CVE vulnerabilities tagged 19393

19393 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-22754 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 8.1 | High | 2023-02-28 |
| CVE-2023-22753 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 8.1 | High | 2023-02-28 |
| CVE-2023-22752 | Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-22751 | Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-22750 | Multiple Unauthenticated Command Injections in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-22749 | Multiple Unauthenticated Command Injections in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-22748 | Multiple Unauthenticated Command Injections in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-22747 | Multiple Unauthenticated Command Injections in the PAPI Protocol — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2023-02-28 |
| CVE-2023-1028 | WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore' — WP Meta SEO CWE-352 | 4.3 | Medium | 2023-02-28 |
| CVE-2023-1080 | GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting — GN Publisher: Google News Compatible RSS Feeds CWE-79 | 6.1 | Medium | 2023-02-28 |
| CVE-2023-25264 | Tornado Authorization Issue Vulnerability — n/a | 7.5 | - | 2023-02-28 |
| CVE-2023-26255 | Jira plugin STAGIL Navigation Path Traversal Vulnerability — n/a | 7.5 | - | 2023-02-28 |
| CVE-2023-26256 | Jira plugin STAGIL Navigation Path Traversal Vulnerability — n/a | 7.5 | - | 2023-02-28 |
| CVE-2023-27293 | OpenCats Cross-Site Scripting Vulnerability — OpenCATS | 6.1 | - | 2023-02-28 |
| CVE-2023-0331 | Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download — Correos Oficial | 7.5 | - | 2023-02-27 |
| CVE-2022-45140 | WAGO: Missing Authentication for Critical Function — Compact Controller CC100 (751-9301) CWE-306 | 9.8 | Critical | 2023-02-27 |
| CVE-2022-45138 | WAGO: Missing Authentication for Critical Function — Compact Controller CC100 (751-9301) CWE-306 | 9.8 | Critical | 2023-02-27 |
| CVE-2023-1068 | Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update — Read More Excerpt Link CWE-352 | 4.3 | Medium | 2023-02-27 |
| CVE-2023-26035 | ZoneMinder vulnerable to Missing Authorization — zoneminder CWE-862 | 7.2 | High | 2023-02-25 |
| CVE-2023-1029 | WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps' — WP Meta SEO CWE-352 | 4.3 | Medium | 2023-02-24 |
| CVE-2021-33224 | Umbraco Forms Code Issue Vulnerability — n/a | 9.8 | - | 2023-02-24 |
| CVE-2023-20011 | Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability — Cisco Application Policy Infrastructure Controller (APIC) CWE-352 | 8.8 | High | 2023-02-23 |
| CVE-2023-20012 | Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability — Cisco Unified Computing System (Managed) CWE-287 | 5.3 | Medium | 2023-02-23 |
| CVE-2023-20016 | Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability — Cisco Unified Computing System (Managed) CWE-321 | 6.3 | Medium | 2023-02-23 |
| CVE-2023-20089 | Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability — Cisco NX-OS System Software in ACI Mode CWE-789 | 7.4 | High | 2023-02-23 |
| CVE-2023-26326 | WordPress Plugin BuddyForms Code Issue Vulnerability — BuddyForms WordPress Plugin | 9.8 | - | 2023-02-23 |
| CVE-2022-37938 | HPE Serviceguard Code Issue Vulnerability — HPE Serviceguard for Linux | 9.8 | - | 2023-02-22 |
| CVE-2022-37937 | HPE Serviceguard Buffer Error Vulnerability — HPE Serviceguard for Linux | 9.8 | - | 2023-02-22 |
| CVE-2022-37936 | HPE Serviceguard Code Issue Vulnerability — HPE Serviceguard for Linux | 9.8 | - | 2023-02-22 |
| CVE-2023-0846 | Unauthenticated, stored XSS in display of alarm reduction-key — Horizon CWE-79 | 6.7 | Medium | 2023-02-22 |

19393 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.