19413 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-36913 | Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability — Redirection for Contact Form 7 (WordPress plugin)CWE-284 | 7.5 | High | 2022-10-11 |
| CVE-2022-34427 | Dell Container Storage Modules 操作系统命令注入漏洞 — Dell Container Storage ModulesCWE-78 | 8.8 | High | 2022-10-11 |
| CVE-2022-34426 | Dell Container Storage Modules 路径遍历漏洞 — Dell Container Storage ModulesCWE-22 | 8.8 | High | 2022-10-11 |
| CVE-2022-31766 | Siemens RUGGEDCOM RM1224 输入验证错误漏洞 — RUGGEDCOM RM1224 LTE(4G) EUCWE-20 | 8.6 | High | 2022-10-11 |
| CVE-2022-33749 | Xen 资源管理错误漏洞 — Xapi | 5.3 | - | 2022-10-11 |
| CVE-2022-36362 | Siemens LOGO! 8 BM 输入验证错误漏洞 — LOGO! 12/24RCECWE-20 | 7.5 | High | 2022-10-11 |
| CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability — Azure Arc-enabled Kubernetes cluster 1.8.11 | 10.0 | Critical | 2022-10-11 |
| CVE-2022-39800 | SAP BusinessObjects BI LaunchPad 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)CWE-79 | 6.1 | - | 2022-10-11 |
| CVE-2022-40179 | 多款Siemens产品跨站请求伪造漏洞 — Desigo PXM30-1CWE-352 | 7.3 | - | 2022-10-11 |
| CVE-2022-40180 | 多款Siemens产品跨站请求伪造漏洞 — Desigo PXM30-1CWE-352 | 7.3 | - | 2022-10-11 |
| CVE-2022-40227 | Siemens SIMATIC HMI Comfort Panels 输入验证错误漏洞 — SIMATIC HMI Comfort Panels (incl. SIPLUS variants)CWE-20 | 9.8 | - | 2022-10-11 |
| CVE-2022-41665 | Siemens SICAM P850 和SICAM P855 安全漏洞 — SICAM P850CWE-141 | 9.8 | Critical | 2022-10-11 |
| CVE-2022-34425 | Dell Enterprise SONiC OS 信任管理问题漏洞 — Enterprise SONiC OSCWE-321 | 7.5 | High | 2022-10-10 |
| CVE-2022-20837 | Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-754 | 8.6 | High | 2022-10-10 |
| CVE-2022-20864 | Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability — Cisco IOS XE SoftwareCWE-538 | 4.6 | Medium | 2022-10-10 |
| CVE-2022-20915 | Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-115 | 7.4 | High | 2022-10-10 |
| CVE-2022-20830 | Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability — Cisco SD-WAN vManageCWE-306 | 5.3 | Medium | 2022-10-10 |
| CVE-2022-20870 | Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability — Cisco IOS XE SoftwareCWE-130 | 8.6 | High | 2022-10-10 |
| CVE-2022-20944 | Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability — Cisco IOS XE SoftwareCWE-347 | 6.1 | Medium | 2022-10-10 |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update — Disable User LoginCWE-862 | 5.3 | - | 2022-10-10 |
| CVE-2022-26121 | Fortinet FortiManager和FortiAnalyzer 安全漏洞 — n/a | 3.7 | Low | 2022-10-10 |
| CVE-2022-29055 | Fortinet FortiOS 缓冲区错误漏洞 — Fortinet FortiOS, FortiProxy | 7.5 | High | 2022-10-10 |
| CVE-2022-33872 | FortiTester 操作系统命令注入漏洞 — Fortinet FortiTester | 9.8 | Critical | 2022-10-10 |
| CVE-2022-33873 | FortiTester 操作系统命令注入漏洞 — Fortinet FortiTester | 6.8 | Medium | 2022-10-10 |
| CVE-2022-33874 | FortiTester 操作系统命令注入漏洞 — Fortinet FortiTester | 9.8 | Critical | 2022-10-10 |
| CVE-2022-35846 | FortiTester 安全漏洞 — Fortinet FortiTester | 8.1 | High | 2022-10-10 |
| CVE-2022-37885 | Aruba Networks ArubaOS 安全漏洞 — Aruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; | 9.8 | - | 2022-10-07 |
| CVE-2022-37886 | Aruba Networks ArubaOS 安全漏洞 — Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; | 9.8 | - | 2022-10-07 |
| CVE-2022-37887 | Aruba Networks ArubaOS 安全漏洞 — Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; | 9.8 | - | 2022-10-07 |
| CVE-2022-37889 | Aruba Networks ArubaOS 安全漏洞 — Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; | 9.8 | - | 2022-10-07 |
Vulnerabilities classified as access:pre-auth represent 19413 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.