access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-46145 | authentik vulnerable to unauthorized user creation and potential account takeover | authentik | CWE-287 | 8.1 | High | 2022-12-02 |
| CVE-2022-43325 | Telos Alliance Omnia MPX Node OS command injection vulnerability | n/a | | 9.8 | - | 2022-12-02 |
| CVE-2022-44929 | D-Link DVG-G5402SP security vulnerability | n/a | | 9.8 | - | 2022-12-02 |
| CVE-2022-45482 | thisAAY Lazy Mouse security vulnerability | Lazy Mouse | CWE-521 | 9.8 | - | 2022-12-02 |
| CVE-2022-3270 | Incomplete Documentation of remote functions in FESTO products. | Bus module CPX-E-EP | CWE-1059 | 9.8 | Critical | 2022-12-01 |
| CVE-2022-4221 | OS command injection in ASUS M25 NAS | NAS-M25 | CWE-78 | 9.8 | Critical | 2022-12-01 |
| CVE-2022-36431 | Rocket Software TRUfusion code issue vulnerability | n/a | | 9.8 | - | 2022-12-01 |
| CVE-2022-37919 | Aruba Networks EdgeConnect security vulnerability | Aruba EdgeConnect Enterprise Software | | 7.5 | High | 2022-11-30 |
| CVE-2022-1911 | Information disclosure in M-Files Server | M-Files Server | CWE-200 | 5.3 | Medium | 2022-11-30 |
| CVE-2022-40265 | Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module | MELSEC iQ-R Series RJ71EN71 | CWE-20 | 8.6 | High | 2022-11-30 |
| CVE-2022-3898 | WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery | WP Affiliate Platform | CWE-352 | 8.8 | High | 2022-11-29 |
| CVE-2022-3896 | WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting | WP Affiliate Platform | CWE-79 | 6.1 | Medium | 2022-11-29 |
| CVE-2022-3747 | Becustom <= 1.0.5.2 - Cross-Site Request Forgery | Becustom | CWE-352 | 8.8 | High | 2022-11-29 |
| CVE-2022-4035 | Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form | Appointment Hour Booking – Booking Calendar | CWE-79 | 7.2 | High | 2022-11-29 |
| CVE-2022-4034 | Appointment Hour Booking <= 1.3.72 - CSV Injection | Appointment Hour Booking – Booking Calendar | CWE-1236 | 5.8 | Medium | 2022-11-29 |
| CVE-2022-4032 | Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | CWE-20 | 7.2 | High | 2022-11-29 |
| CVE-2022-4029 | Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value | Simple:Press Forum | CWE-79 | 4.7 | Medium | 2022-11-29 |
| CVE-2022-4027 | Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies | Simple:Press Forum | CWE-79 | 7.2 | High | 2022-11-29 |
| CVE-2022-32967 | Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials | RTL8111EP-CG | CWE-798 | 2.1 | Low | 2022-11-29 |
| CVE-2022-32966 | Realtek RTL8111FP-CG - Missing Authorization | RTL8111FP-CG | CWE-862 | 6.5 | Medium | 2022-11-29 |
| CVE-2022-44356 | WAVLINK WN531G3 security vulnerability | n/a | | 6.5 | - | 2022-11-29 |
| CVE-2022-4169 | Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization | Theme and plugin translation for Polylang (TTfP) | CWE-862 | 6.5 | Medium | 2022-11-28 |
| CVE-2022-24999 | qs security vulnerability | n/a | | 7.5 | - | 2022-11-26 |
| CVE-2022-0698 | Microweber cross-site scripting vulnerability | Microweber | | 8.2 | - | 2022-11-25 |
| CVE-2022-23044 | Tiny File Manager cross-site request forgery vulnerability | Tiny File Manager | | 8.8 | - | 2022-11-25 |
| CVE-2022-41705 | Badaso code issue vulnerability | Badaso | | 9.8 | - | 2022-11-25 |
| CVE-2022-45475 | Tiny File Manager security vulnerability | Tiny File Manager | | 7.5 | - | 2022-11-25 |
| CVE-2022-29833 | Mitsubishi Electric GX Works security vulnerability | GX Works3 | CWE-522 | 6.8 | Medium | 2022-11-24 |
| CVE-2022-29832 | Mitsubishi Electric GX Works3 security vulnerability | GX Works3 | CWE-316 | 3.7 | Low | 2022-11-24 |
| CVE-2022-29831 | Mitsubishi Electric GX Works3 trust management issue vulnerability | GX Works3 | CWE-259 | 7.5 | High | 2022-11-24 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.