access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-45424 | Dahua software products access control error vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45430 | Dahua software products authorization issue vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 3.7 | - | 2022-12-27 |
| CVE-2022-45431 | Dahua software products authorization issue vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 7.5 | - | 2022-12-27 |
| CVE-2022-45432 | Dahua software products authorization issue vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45433 | Dahua software products authorization issue vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45434 | Dahua software products authorization issue vulnerability — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 7.5 | - | 2022-12-27 |
| CVE-2022-46764 | TrueConf Server SQL injection vulnerability — TrueConf Server (CWE-89) | 9.8 | Critical | 2022-12-27 |
| CVE-2022-4047 | Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload — Return Refund and Exchange For WooCommerce | 9.8 | - | 2022-12-26 |
| CVE-2022-4117 | IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi — IWS | 9.8 | - | 2022-12-26 |
| CVE-2021-35951 | fastrack Reflex security vulnerability — n/a | 7.5 | - | 2022-12-26 |
| CVE-2021-45467 | CWP Panel code injection vulnerability — n/a | 9.8 | - | 2022-12-26 |
| CVE-2022-24119 | GE General Electric Renewable Energy MDS Radios security vulnerability — n/a | 9.8 | - | 2022-12-26 |
| CVE-2019-19030 | Cloud Native Computing Foundation Harbor security vulnerability — n/a | 5.3 | - | 2022-12-26 |
| CVE-2020-10650 | jackson-databind code issue vulnerability — n/a | 8.1 | - | 2022-12-26 |
| CVE-2020-11101 | Sierra Wireless AirLink Mobility Manager security vulnerability — n/a | 9.8 | - | 2022-12-26 |
| CVE-2022-44013 | Simmeth System Supplier Manager access control error vulnerability — n/a | 9.1 | - | 2022-12-25 |
| CVE-2022-45891 | Planet Enterprises Planet eStream SQL injection vulnerability — n/a | 9.1 | - | 2022-12-25 |
| CVE-2022-45896 | Planet Enterprises Planet eStream code issue vulnerability — n/a | 9.8 | - | 2022-12-25 |
| CVE-2022-22184 | Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1 — Junos OS (CWE-20) | 7.5 | High | 2022-12-23 |
| CVE-2022-23854 | AVEVA InTouch Access Anywhere Secure Gateway path traversal vulnerability — InTouch Access Anywhere (CWE-23) | 7.5 | High | 2022-12-23 |
| CVE-2022-33324 | Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series — MELSEC iQ-R Series R00CPU (CWE-404) | 7.5 | High | 2022-12-23 |
| CVE-2022-47945 | ThinkPHP path traversal vulnerability — n/a | 9.8 | - | 2022-12-23 |
| CVE-2022-3805 | Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress (CWE-639) | 8.6 | High | 2022-12-22 |
| CVE-2022-3188 | Dataprobe iBoot-PDU access control error vulnerability — iBoot-PDU FW (CWE-863) | 5.3 | Medium | 2022-12-21 |
| CVE-2022-3184 | Dataprobe iBoot-PDU path traversal vulnerability — iBoot-PDU FW (CWE-22) | 9.8 | Critical | 2022-12-21 |
| CVE-2022-38546 | Zyxel NBG7510 security vulnerability — NBG7510 firmware (CWE-284) | 5.3 | Medium | 2022-12-21 |
| CVE-2022-4050 | JoomSport < 5.2.8 - Unauthenticated SQLi — JoomSport | 9.8 | - | 2022-12-19 |
| CVE-2022-4106 | Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download — Wholesale Market for WooCommerce | 7.5 | - | 2022-12-19 |
| CVE-2022-4125 | Popup Manager <= 1.6.6 - Unauthenticated Stored XSS — Popup Manager | 4.7 | - | 2022-12-19 |
| CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion — Popup Manager | 4.3 | - | 2022-12-19 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.