Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-4061 JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload — JobBoardWP 9.1 -2022-12-19
CVE-2022-4024 Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion — Registration Forms 4.3 -2022-12-19
CVE-2022-41993 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 跨站脚本漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-44456 Contec CONPROSYS HMI System 操作系统命令注入漏洞 — CONPROSYS HMI System (CHS) 9.8 -2022-12-19
CVE-2022-46287 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 跨站脚本漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-46288 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 输入验证错误漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-44754 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. — Domino 9.8 Critical2022-12-17
CVE-2022-44752 HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView — Domino 9.8 Critical2022-12-17
CVE-2022-44750 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. — Domino 9.8 Critical2022-12-17
CVE-2022-44755 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-44753 HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-44751 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-46670 Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack — MicroLogix 1100 & 1400 ControllersCWE-79 7.1 High2022-12-16
CVE-2022-4555 WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation — WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرسCWE-862 6.5 Medium2022-12-16
CVE-2022-25626 Symantec Identity Manager 授权问题漏洞 — Symantec Identity Governance and Administration 5.3 -2022-12-16
CVE-2022-47208 NETGEAR Nighthawk 操作系统命令注入漏洞 — NETGEAR Nighthawk WiFi6 Router 8.8 -2022-12-16
CVE-2022-3427 Corner Ad <= 1.0.56 - Cross-Site Request Forgery — Corner AdCWE-352 8.8 High2022-12-15
CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass — Transposh WordPress TranslationCWE-285 5.3 Medium2022-12-15
CVE-2022-32943 Apple iOS 安全漏洞 — macOS--2022-12-15
CVE-2022-3590 WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding — WordPress 5.9 -2022-12-14
CVE-2022-31702 VMware vRealize Network Insight 命令注入漏洞 — VMware vRealize Network Insight (vRNI) 9.8 -2022-12-14
CVE-2022-31703 VMware vRealize Network Insight 路径遍历漏洞 — vRealize Log Insight (vRLI) 9.8 -2022-12-14
CVE-2022-46072 Helmet Store Showroom Site SQL注入漏洞 — n/a 9.8 -2022-12-14
CVE-2022-46074 Helmet Store Showroom Site 跨站请求伪造漏洞 — n/a 8.8 -2022-12-14
CVE-2022-40264 Mitsubishi Electric GENESIS64 路径遍历漏洞 — GENESIS64CWE-22 6.3 Medium2022-12-13
CVE-2022-4171 demon image annotation <= 5.0 - Improper Input Restriction Validation — demon image annotationCWE-1284 6.5 Medium2022-12-13
CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing — Com-Server ++CWE-290 8.0 High2022-12-13
CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication — passport-wsfed-saml2CWE-287 5.3 Medium2022-12-13
CVE-2022-41275 SAP Solution Manager 输入验证错误漏洞 — Solution Manager (Enterprise Search)CWE-601 6.1 Medium2022-12-13
CVE-2022-41272 SAP NetWeaver Process Integration 安全漏洞 — NetWeaver Process IntegrationCWE-862 9.9 Critical2022-12-13

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.