Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-24037 Unauthorized modification in Karmasis Informatics Infraskope SIEM+ — Infraskope SIEM+CWE-20 8.2 High2022-11-18
CVE-2022-41132 WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability — Ezoic (WordPress plugin)CWE-264 6.1 Medium2022-11-17
CVE-2022-43781 Atlassian Bitbucket Server和Bitbucket Data Center 命令注入漏洞 — Bitbucket Data Center 8.8 -2022-11-17
CVE-2022-38165 F-Secure Policy Manager 安全漏洞 — n/a 9.1 -2022-11-17
CVE-2022-42894 Siemens syngo Dynamics 代码问题漏洞 — syngo DynamicsCWE-918 7.5 -2022-11-17
CVE-2022-42982 BKG Professional NtripCaster 访问控制错误漏洞 — n/a 5.3 -2022-11-17
CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery — Permalink Manager LiteCWE-352 8.8 High2022-11-16
CVE-2022-24036 Unauthorized modification in Karmasis Informatics Infraskope SIEM+ — Infraskope SIEM+CWE-284 8.6 High2022-11-16
CVE-2022-44004 BACKCLICK 授权问题漏洞 — n/a 9.8 -2022-11-16
CVE-2022-44006 BACKCLICK 路径遍历漏洞 — n/a 9.8 -2022-11-16
CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting — Follow Me PluginCWE-352 8.8 High2022-11-15
CVE-2022-3480 Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family — FL MGUARD CENTERPORTCWE-770 7.5 High2022-11-15
CVE-2022-38201 An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. — ArcGIS QuickcaptureCWE-601 6.1 Medium2022-11-15
CVE-2022-42978 Atlassian Confluence 安全漏洞 — n/a 7.5 -2022-11-15
CVE-2022-45385 Jenkins Plugin CloudBees Docker Hub/Registry Notification 安全漏洞 — Jenkins CloudBees Docker Hub/Registry Notification Plugin 7.5 -2022-11-15
CVE-2022-45388 Jenkins Plugin Config Rotator 路径遍历漏洞 — Jenkins Config Rotator Plugin 7.5 -2022-11-15
CVE-2022-45389 Jenkins Plugin XP-Dev 安全漏洞 — Jenkins XP-Dev Plugin 7.5 -2022-11-15
CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting — Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me backCWE-79 6.1 -2022-11-14
CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover — tagDiv ComposerCWE-287 8.1 -2022-11-14
CVE-2022-3538 Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation — Webmaster Tools VerificationCWE-862 7.5 -2022-11-14
CVE-2022-45378 Apache SOAP allows unauthenticated users to potentially invoke arbitrary code — Apache SOAPCWE-306 9.8 -2022-11-14
CVE-2022-38650 VMware Hyperic 代码问题漏洞 — n/a 10.0 -2022-11-12
CVE-2022-28667 Intel PROSet/Wireless WiFi Software 缓冲区错误漏洞 — Intel(R) PROSet/Wireless WiFi software 6.5 Medium2022-11-11
CVE-2022-26047 Intel WIFI Drivers 输入验证错误漏洞 — Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products 4.3 Medium2022-11-11
CVE-2022-26513 Intel XMM 缓冲区错误漏洞 — Intel(R) XMM(TM) 7560 Modem software 8.0 High2022-11-11
CVE-2022-29486 Intel Hyperscan 缓冲区错误漏洞 — Hyperscan library maintained by Intel(R) 4.3 Medium2022-11-11
CVE-2022-33942 Intel Data Center Manager 安全漏洞 — Intel(R) DCM software 8.8 High2022-11-11
CVE-2022-27233 Intel Quartus Prime 安全漏洞 — Intel(R) Quartus Prime Pro and Standard edition software 6.5 Medium2022-11-11
CVE-2022-26508 Intel SDP Tool 授权问题漏洞 — Intel(R) SDP Tool 4.3 Medium2022-11-11
CVE-2022-27497 多款Intel产品代码问题漏洞 — Intel(R) AMT 8.6 High2022-11-11

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.