access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-39041 | aEnrich a+HRD - SQL Injection | a+HRD | CWE-89 | 9.8 | Critical | 2023-01-03 |
| CVE-2022-39042 | aEnrich a+HRD - Improper Authentication | a+HRD | CWE-287 | 9.8 | Critical | 2023-01-03 |
| CVE-2022-46304 | ChangingTec ServiSign - Command Injection | ServiSign | CWE-78 | 8.8 | High | 2023-01-03 |
| CVE-2022-46305 | ChangingTec ServiSign - Path Traversal | ServiSign | CWE-22 | 6.5 | Medium | 2023-01-03 |
| CVE-2022-46306 | ChangingTec ServiSign - Path Traversal | ServiSign | CWE-22 | 8.8 | High | 2023-01-03 |
| CVE-2022-47618 | Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials | AH55B04 DVR firmware | CWE-798 | 9.8 | Critical | 2023-01-03 |
| CVE-2022-4329 | Product list Widget for Woocommerce <= 1.0 - Reflected XSS | Product list Widget for Woocommerce | | 6.1 | - | 2023-01-02 |
| CVE-2022-4099 | Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi | Joy Of Text Lite | | 9.8 | - | 2023-01-02 |
| CVE-2022-4298 | Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download | Wholesale Market | | 7.5 | - | 2023-01-02 |
| CVE-2022-4049 | WP User <= 7.0 - Unauthenticated SQLi | WP User | | 9.8 | - | 2023-01-02 |
| CVE-2022-4140 | Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access | Welcart e-Commerce | | 7.5 | - | 2023-01-02 |
| CVE-2022-3241 | Build App Online < 1.0.19 - Unauthenticated SQL Injection | Build App Online | | 9.8 | - | 2023-01-02 |
| CVE-2022-4357 | LetsRecover < 1.2.0 - Unauthenticated SQLi | LetsRecover | | 9.8 | - | 2023-01-02 |
| CVE-2022-4059 | Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi | Cryptocurrency Widgets Pack | | 9.8 | - | 2023-01-02 |
| CVE-2022-4297 | WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi | WP AutoComplete Search | | 9.8 | - | 2023-01-02 |
| CVE-2022-42475 | Fortinet FortiOS buffer error vulnerability | FortiProxy | CWE-197 | 9.3 | Critical | 2023-01-02 |
| CVE-2022-38203 | The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) | Portal for ArcGIS | CWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-38204 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38205 | Portal for ArcGIS has a directory traversal vulnerability (10.9.1, 10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-23 | 8.6 | High | 2022-12-30 |
| CVE-2022-38206 | Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38207 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38208 | Unvalidated redirect in Portal for ArcGIS | ArcGIS Enterprise | CWE-601 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38209 | Reflected XSS vulnerability in Portal for ArcGIS | ArcGIS Quickcapture | CWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38210 | HTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-80 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38211 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-38212 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | ArcGIS Enterprise | CWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-48196 | Multiple NETGEAR products security vulnerability | n/a | | 7.4 | High | 2022-12-30 |
| CVE-2022-36437 | Hazelcast authorization issue vulnerability | n/a | | 9.1 | - | 2022-12-29 |
| CVE-2022-38202 | BUG-000152121 - Directory traversal vulnerability in ArcGIS Server. | ArcGIS Server | CWE-23 | 7.5 | High | 2022-12-28 |
| CVE-2022-45423 | Dahua software products access control error vulnerability | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | | 7.5 | - | 2022-12-27 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.