Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19403

19403 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-39412 Oracle Fusion Middleware 安全漏洞 — Access Manager 7.5 High2022-10-18
CVE-2022-39424 Oracle Virtualization和Oracle VM VirtualBox 安全漏洞 — VM VirtualBox 8.1 High2022-10-18
CVE-2022-39425 Oracle Virtualization和Oracle VM VirtualBox 安全漏洞 — VM VirtualBox 8.1 High2022-10-18
CVE-2022-39426 Oracle Virtualization和Oracle VM VirtualBox 安全漏洞 — VM VirtualBox 8.1 High2022-10-18
CVE-2022-39428 Oracle E-Business Suite 安全漏洞 — Web Applications Desktop Integrator 9.8 Critical2022-10-18
CVE-2022-40684 Fortinet FortiOS 授权问题漏洞 — Fortinet FortiOS, FortiProxy, FortiSwitchManager 9.8 Critical2022-10-18
CVE-2022-2592 GitLab 输入验证错误漏洞 — GitLab 6.5 Medium2022-10-17
CVE-2017-20149 MikroTik RouterOS 缓冲区错误漏洞 — n/a 9.8 -2022-10-15
CVE-2022-35691 Adobe Acrobat Reader NULL Pointer Dereference Application denial-of-service — Acrobat ReaderCWE-476 5.5 Medium2022-10-14
CVE-2022-36802 Atlassian Jira 代码问题漏洞 — Jira Align 4.9 -2022-10-14
CVE-2022-39064 IKEA TRÅDFRI smart lighting 安全漏洞 — TRÅDFRI smart lighting systemCWE-241 8.1 -2022-10-14
CVE-2022-39065 IKEA TRÅDFRI smart lighting 安全漏洞 — TRÅDFRI gateway systemCWE-241 6.5 -2022-10-14
CVE-2022-41436 OXHOO TP50 授权问题漏洞 — n/a 9.8 -2022-10-14
CVE-2021-20030 SonicWALL Global Management System 路径遍历漏洞 — SonicWall GMSCWE-22 9.1 -2022-10-13
CVE-2022-35136 Boodskap IoT Platform 访问控制错误漏洞 — n/a 9.8 -2022-10-13
CVE-2022-39300 Signature bypass via multiple root elements in node-SAML — node-samlCWE-347 7.7 High2022-10-13
CVE-2022-31228 Dell EMC XtremIO 安全漏洞 — XtremIOCWE-307 8.1 High2022-10-12
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML — passport-samlCWE-347 7.4 High2022-10-12
CVE-2022-42711 Progress Software WhatsUp Gold 跨站脚本漏洞 — n/a 9.6 -2022-10-12
CVE-2022-42897 Array Networks AG/vxAG 命令注入漏洞 — n/a 9.8 -2022-10-12
CVE-2021-36913 Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability — Redirection for Contact Form 7 (WordPress plugin)CWE-284 7.5 High2022-10-11
CVE-2022-34427 Dell Container Storage Modules 操作系统命令注入漏洞 — Dell Container Storage ModulesCWE-78 8.8 High2022-10-11
CVE-2022-34426 Dell Container Storage Modules 路径遍历漏洞 — Dell Container Storage ModulesCWE-22 8.8 High2022-10-11
CVE-2022-31766 Siemens RUGGEDCOM RM1224 输入验证错误漏洞 — RUGGEDCOM RM1224 LTE(4G) EUCWE-20 8.6 High2022-10-11
CVE-2022-33749 Xen 资源管理错误漏洞 — Xapi 5.3 -2022-10-11
CVE-2022-36362 Siemens LOGO! 8 BM 输入验证错误漏洞 — LOGO! 12/24RCECWE-20 7.5 High2022-10-11
CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability — Azure Arc-enabled Kubernetes cluster 1.8.11 10.0 Critical2022-10-11
CVE-2022-39800 SAP BusinessObjects BI LaunchPad 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)CWE-79 6.1 -2022-10-11
CVE-2022-40179 多款Siemens产品跨站请求伪造漏洞 — Desigo PXM30-1CWE-352 7.3 -2022-10-11
CVE-2022-40180 多款Siemens产品跨站请求伪造漏洞 — Desigo PXM30-1CWE-352 7.3 -2022-10-11

Vulnerabilities classified as access:pre-auth represent 19403 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.