access:pre-auth — CVE vulnerabilities tagged 19411

19411 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password — grafana (CWE-200) | 6.7 | Medium | 2022-11-09 |
| CVE-2022-39892 | Samsung Pass authorization issue vulnerability — Samsung Pass (CWE-287) | 3.6 | Low | 2022-11-09 |
| CVE-2022-31199 | Netwrix Auditor code issue vulnerability — n/a | 9.8 | - | 2022-11-08 |
| CVE-2022-33321 | Mitsubishi Electric consumer electronics products security vulnerability — PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE PV-DR006L-SET-M (CWE-319) | 9.1 | - | 2022-11-08 |
| CVE-2022-33322 | Mitsubishi Electric consumer electronics products cross-site scripting vulnerability — Air Conditioning MSZ-FD40/56/63/71/8022S (CWE-79) | 6.1 | - | 2022-11-08 |
| CVE-2022-34822 | NEC Expresscluster X path traversal vulnerability — CLUSTERPRO X | 9.8 | - | 2022-11-08 |
| CVE-2022-34823 | NEC Expresscluster X security vulnerability — CLUSTERPRO X | 9.8 | - | 2022-11-08 |
| CVE-2022-34824 | NEC Expresscluster X security vulnerability — CLUSTERPRO X | 9.8 | - | 2022-11-08 |
| CVE-2022-34825 | NEC Expresscluster X code issue vulnerability — CLUSTERPRO X | 8.8 | - | 2022-11-08 |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation — grafana (CWE-362) | 9.8 | Critical | 2022-11-08 |
| CVE-2022-41207 | SAP Biller Direct input validation error vulnerability — SAP Biller Direct (CWE-601) | 6.1 | - | 2022-11-08 |
| CVE-2022-41215 | SAP NetWeaver and SAP NetWeaver ABAP Server input validation error vulnerability — SAP NetWeaver ABAP Server and ABAP Platform (CWE-601) | 4.7 | Medium | 2022-11-08 |
| CVE-2022-41260 | SAP Financial Consolidation cross-site scripting vulnerability — SAP Financial Consolidation (CWE-79) | 6.1 | Medium | 2022-11-08 |
| CVE-2020-12509 | s::can moni::tools prone to path traversal in camera-file module — moni::tools (CWE-22) | 7.5 | High | 2022-11-07 |
| CVE-2020-12508 | s::can moni::tools prone to path traversal in image-relocator module — moni::tools (CWE-22) | 7.5 | High | 2022-11-07 |
| CVE-2022-3481 | WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi — WooCommerce Dropshipping | 9.8 | - | 2022-11-07 |
| CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update — Wp-Hide (CWE-862) | 5.3 | - | 2022-11-07 |
| CVE-2022-38660 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability — HCL Domino (CWE-352) | 8.3 | High | 2022-11-04 |
| CVE-2022-20772 | Multiple Cisco products injection vulnerability — Cisco Secure Email (CWE-113) | 4.7 | Medium | 2022-11-03 |
| CVE-2022-20937 | Cisco Identity Services Engine resource management error vulnerability — Cisco Identity Services Engine Software (CWE-410) | 5.3 | Medium | 2022-11-03 |
| CVE-2022-20960 | Multiple Cisco products trust management issue vulnerability — Cisco Secure Email (CWE-400) | 7.5 | High | 2022-11-03 |
| CVE-2022-20958 | Cisco BroadWorks CommPilot code issue vulnerability — Cisco BroadWorks (CWE-36) | 8.3 | High | 2022-11-03 |
| CVE-2022-20961 | Cisco Identity Services Engine cross-site request forgery vulnerability — Cisco Identity Services Engine Software (CWE-352) | 8.8 | High | 2022-11-03 |
| CVE-2022-37897 | Aruba Networks ArubaOS OS command injection vulnerability — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 9.8 | Critical | 2022-11-03 |
| CVE-2022-3852 | VR Calendar <= 2.3.3 - Cross-Site Request Forgery — VR Calendar (CWE-352) | 8.8 | High | 2022-11-03 |
| CVE-2022-3776 | Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery — Restaurant Menu – Food Ordering System – Table Reservation (CWE-352) | 8.8 | High | 2022-11-03 |
| CVE-2022-38168 | Avaya Scopia Pathfinder access control error vulnerability — n/a | 9.1 | - | 2022-11-03 |
| CVE-2022-3575 | Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability — Diagnostic System FDS102 (CWE-434) | 9.8 | Critical | 2022-11-02 |
| CVE-2022-30307 | Fortinet FortiOS security vulnerability — Fortinet FortiOS | 3.9 | Low | 2022-11-02 |
| CVE-2022-35842 | Fortinet FortiOS information disclosure vulnerability — Fortinet FortiOS | 3.7 | Low | 2022-11-02 |

Vulnerabilities classified as access:pre-auth represent 19411 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.