Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19466

19466 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-38546 Zyxel NBG7510 安全漏洞 — NBG7510 firmwareCWE-284 5.3 Medium2022-12-21
CVE-2022-4050 JoomSport < 5.2.8 - Unauthenticated SQLi — JoomSport 9.8 -2022-12-19
CVE-2022-4106 Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download — Wholesale Market for WooCommerce 7.5 -2022-12-19
CVE-2022-4125 Popup Manager <= 1.6.6 - Unauthenticated Stored XSS — Popup Manager 4.7 -2022-12-19
CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion — Popup Manager 4.3 -2022-12-19
CVE-2022-4061 JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload — JobBoardWP 9.1 -2022-12-19
CVE-2022-4024 Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion — Registration Forms 4.3 -2022-12-19
CVE-2022-41993 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 跨站脚本漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-44456 Contec CONPROSYS HMI System 操作系统命令注入漏洞 — CONPROSYS HMI System (CHS) 9.8 -2022-12-19
CVE-2022-46287 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 跨站脚本漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-46288 Japan Construction Information Center DENSHI NYUSATSU CORE SYSTEM 输入验证错误漏洞 — DENSHI NYUSATSU CORE SYSTEM 6.1 -2022-12-19
CVE-2022-44754 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. — Domino 9.8 Critical2022-12-17
CVE-2022-44752 HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView — Domino 9.8 Critical2022-12-17
CVE-2022-44750 HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. — Domino 9.8 Critical2022-12-17
CVE-2022-44755 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-44753 HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-44751 HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView — Notes 9.8 Critical2022-12-17
CVE-2022-46670 Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack — MicroLogix 1100 & 1400 ControllersCWE-79 7.1 High2022-12-16
CVE-2022-4555 WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation — WP Shamsi – افزونه تاریخ شمسی و فارسی ساز وردپرسCWE-862 6.5 Medium2022-12-16
CVE-2022-25626 Symantec Identity Manager 授权问题漏洞 — Symantec Identity Governance and Administration 5.3 -2022-12-16
CVE-2022-47208 NETGEAR Nighthawk 操作系统命令注入漏洞 — NETGEAR Nighthawk WiFi6 Router 8.8 -2022-12-16
CVE-2022-3427 Corner Ad <= 1.0.56 - Cross-Site Request Forgery — Corner AdCWE-352 8.8 High2022-12-15
CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass — Transposh WordPress TranslationCWE-285 5.3 Medium2022-12-15
CVE-2022-32943 Apple iOS 安全漏洞 — macOS--2022-12-15
CVE-2022-3590 WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding — WordPress 5.9 -2022-12-14
CVE-2022-31702 VMware vRealize Network Insight 命令注入漏洞 — VMware vRealize Network Insight (vRNI) 9.8 -2022-12-14
CVE-2022-31703 VMware vRealize Network Insight 路径遍历漏洞 — vRealize Log Insight (vRLI) 9.8 -2022-12-14
CVE-2022-46072 Helmet Store Showroom Site SQL注入漏洞 — n/a 9.8 -2022-12-14
CVE-2022-46074 Helmet Store Showroom Site 跨站请求伪造漏洞 — n/a 8.8 -2022-12-14
CVE-2022-40264 Mitsubishi Electric GENESIS64 路径遍历漏洞 — GENESIS64CWE-22 6.3 Medium2022-12-13

Vulnerabilities classified as access:pre-auth represent 19466 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.