Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-41271 SAP NetWeaver Process Integration 安全漏洞 — NetWeaver Process IntegrationCWE-862 9.4 Critical2022-12-13
CVE-2022-27518 Unauthenticated remote arbitrary code execution — Citrix Gateway, Citrix ADCCWE-664 9.8 Critical2022-12-13
CVE-2022-4223 pgAdmin 代码注入漏洞 — pgadmin4CWE-94 8.8 -2022-12-13
CVE-2022-43723 Siemens SICAM PAS/PQS 输入验证错误漏洞 — SICAM PAS/PQSCWE-1287 7.5 -2022-12-13
CVE-2022-43724 Siemens SICAM PAS/PQS 安全漏洞 — SICAM PAS/PQSCWE-319 9.8 -2022-12-13
CVE-2022-46353 Siemens SCALANCE Series 安全特征问题漏洞 — SCALANCE X204RNA (HSR)CWE-330 7.5 -2022-12-13
CVE-2022-46404 Atos Unify OpenScape 4000 命令注入漏洞 — n/a 9.8 Critical2022-12-13
CVE-2022-41262 SAP NetWeaver AS 跨站脚本漏洞 — NetWeaver AS for Java (Http Provider Service)CWE-79 6.1 Medium2022-12-12
CVE-2022-3921 Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload — Listingo 9.8 -2022-12-12
CVE-2022-3900 Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection — Cooked Pro 9.8 -2022-12-12
CVE-2022-3982 Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload — Booking calendar, Appointment Booking System 9.8 -2022-12-12
CVE-2022-3915 Dokan < 3.7.6 - Unauthenticated SQLi — Dokan 9.8 -2022-12-12
CVE-2022-3912 User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload — User Registration 7.5 -2022-12-12
CVE-2022-3485 Weak Password Recovery in ifm moneo appliance — moneo applianceCWE-640 9.8 Critical2022-12-12
CVE-2022-41559 TIBCO Nimbus Open Redirect Vulnerability — TIBCO Nimbus 9.3 Critical2022-12-12
CVE-2022-25836 Bluetooth Core Specification 安全漏洞 — n/a 7.5 -2022-12-12
CVE-2022-25837 Bluetooth Core Specification 安全漏洞 — n/a 6.4 -2022-12-12
CVE-2022-46905 WebSoft HCM 跨站脚本漏洞 — n/a 6.1 -2022-12-12
CVE-2022-44790 BigCommerec Interspire Email Marketer SQL注入漏洞 — n/a 7.5 -2022-12-09
CVE-2022-20968 Cisco IP Phone 缓冲区错误漏洞 — Cisco Session Initiation Protocol (SIP) SoftwareCWE-787 8.1 High2022-12-08
CVE-2022-33186 Brocade Fabric OS 操作系统命令注入漏洞 — Brocade Fabric OS 9.1 -2022-12-08
CVE-2022-44932 Tenda A18 安全漏洞 — n/a--2022-12-08
CVE-2022-45498 Tenda W6 安全漏洞 — n/a 7.5 -2022-12-08
CVE-2022-45504 Tenda W6 安全漏洞 — n/a 7.5 -2022-12-08
CVE-2022-20691 Cisco ATA 190 资源管理错误漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-400 5.3 Medium2022-12-07
CVE-2022-20690 Cisco ATA 190 输入验证错误漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-130 5.3 Medium2022-12-07
CVE-2022-20689 Cisco ATA 190 输入验证错误漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-130 5.3 Medium2022-12-07
CVE-2022-20688 Cisco ATA 190 输入验证错误漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-125 5.3 Medium2022-12-07
CVE-2022-20687 Cisco ATA 190 输入验证错误漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-120 5.3 Medium2022-12-07
CVE-2022-20686 Cisco ATA 190 代码注入漏洞 — Cisco Analog Telephone Adaptor (ATA) SoftwareCWE-130 5.3 Medium2022-12-07

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.