access:pre-auth — CVE vulnerabilities tagged (19401)

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22408 | Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash — Junos OS (CWE-129) | 7.5 | High | 2023-01-12 |
| CVE-2023-22410 | Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak. — Junos OS (CWE-401) | 7.5 | High | 2023-01-12 |
| CVE-2023-22411 | Junos OS: SRX Series: The flow processing daemon (flowd) will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device — Junos OS (CWE-787) | 7.5 | High | 2023-01-12 |
| CVE-2023-22412 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if the SIP ALG is enabled and specific SIP messages are processed — Junos OS (CWE-667) | 7.5 | High | 2023-01-12 |
| CVE-2023-22413 | Junos OS: MX Series: The Multiservices PIC Management Daemon (mspmand) will crash when an IPsec6 tunnel processes specific IPv4 packets — Junos OS (CWE-703) | 7.5 | High | 2023-01-12 |
| CVE-2023-22414 | Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed — Junos OS (CWE-401) | 6.5 | Medium | 2023-01-12 |
| CVE-2023-22415 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received — Junos OS (CWE-787) | 7.5 | High | 2023-01-12 |
| CVE-2023-22416 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received — Junos OS (CWE-120) | 7.5 | High | 2023-01-12 |
| CVE-2023-22417 | Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash — Junos OS (CWE-401) | 7.5 | High | 2023-01-12 |
| CVE-2022-3870 | GitLab Enterprise Edition and GitLab Community Edition security vulnerability — GitLab | 5.3 | Medium | 2023-01-12 |
| CVE-2022-46463 | Harbor access control error vulnerability — n/a | 7.5 | - | 2023-01-12 |
| CVE-2022-4874 | Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content. — NF20 | 7.5 | - | 2023-01-11 |
| CVE-2022-3841 | Red Hat Advanced Cluster Management for Kubernetes code issue vulnerability — RHACM | 9.1 | - | 2023-01-11 |
| CVE-2022-43389 | Zyxel NR7101 security vulnerability — NR7101 firmware (CWE-120) | 8.6 | High | 2023-01-11 |
| CVE-2022-43393 | Zyxel GS1920 code issue vulnerability — GS1920-24v2 firmware (CWE-754) | 8.2 | High | 2023-01-11 |
| CVE-2022-4707 | Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation — Royal Addons for Elementor – Addons and Templates Kit for Elementor (CWE-352) | 4.3 | Medium | 2023-01-10 |
| CVE-2022-4710 | Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for Elementor (CWE-79) | 6.1 | Medium | 2023-01-10 |
| CVE-2022-43514 | Siemens Automation License Manager path traversal vulnerability — Automation License Manager V5 (CWE-22) | 7.7 | High | 2023-01-10 |
| CVE-2022-43513 | Siemens Automation License Manager security vulnerability — Automation License Manager V5 (CWE-73) | 8.2 | High | 2023-01-10 |
| CVE-2023-0017 | Improper access control in SAP NetWeaver AS for Java — NetWeaver AS for Java (CWE-284) | 9.4 | Critical | 2023-01-10 |
| CVE-2022-4422 | SQLi in Bulutdesk Callcenter — Bulutdesk Callcenter (CWE-89) | 9.8 | Critical | 2023-01-10 |
| CVE-2022-4310 | Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS — Slimstat Analytics | 6.1 | - | 2023-01-09 |
| CVE-2022-43972 | Null pointer dereference in Linksys WRT54GL — WRT54GL Wireless-G Broadband Router (CWE-476) | 6.5 | Medium | 2023-01-09 |
| CVE-2022-0668 | JFrog Artifactory security vulnerability — JFrog Artifactory (CWE-274) | 5.3 | Medium | 2023-01-08 |
| CVE-2023-0088 | Swifty Page Manager <= 3.0.1 - Cross-Site Request Forgery — Swifty Page Manager (CWE-352) | 8.8 | High | 2023-01-05 |
| CVE-2023-0086 | JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update — JetWidgets For Elementor (CWE-352) | 5.4 | Medium | 2023-01-05 |
| CVE-2023-0038 | Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting — Survey Maker (CWE-79) | 7.2 | High | 2023-01-03 |
| CVE-2021-32824 | Regular expression Denial of Service in MooTools — Dubbo (CWE-502) | 9.8 | Critical | 2023-01-03 |
| CVE-2022-39039 | aEnrich a+HRD - Server-Side Request Forgery (SSRF) — a+HRD (CWE-918) | 9.8 | Critical | 2023-01-03 |
| CVE-2022-39040 | aEnrich a+HRD - Path Traversal — a+HRD (CWE-22) | 7.5 | High | 2023-01-03 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.