access:pre-auth — CVE vulnerabilities tagged (19412)

19412 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-2753 | Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS | Ketchup Restaurant Reservations | CWE-79 | 6.1 | - | 2022-09-19 |
| CVE-2022-2840 | Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi | Zephyr Project Manager | CWE-89 | 9.8 | - | 2022-09-19 |
| CVE-2022-39960 | Atlassian Jira security vulnerability | n/a | - | 5.3 | - | 2022-09-17 |
| CVE-2022-3217 | VISAM VBASE security vulnerability | VISAM VBASE | - | 7.5 | - | 2022-09-16 |
| CVE-2022-22520 | User enumeration vulnerability in MB connect line and Helmholz products | mymbCONNECT24 | CWE-204 | 5.3 | Medium | 2022-09-14 |
| CVE-2022-40626 | Reflected XSS in the backurl parameter of Zabbix Frontend | Frontend | CWE-79 | 4.8 | Medium | 2022-09-14 |
| CVE-2022-39815 | NOKIA 1350 OMS OS command injection vulnerability | n/a | - | 9.8 | - | 2022-09-13 |
| CVE-2022-40623 | WAVLINK Quantum D4G (WN531G3) CSRF | WN531G3 | CWE-352 | 8.8 | - | 2022-09-13 |
| CVE-2022-39208 | Git Repository Disclosure in Onedev | onedev | CWE-552 | 7.5 | High | 2022-09-13 |
| CVE-2022-39205 | Access Control Bypass in Onedev | onedev | CWE-287 | 9.0 | Critical | 2022-09-13 |
| CVE-2022-36779 | PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection | PROSCEND M330-w / M330-W5 | - | 6.5 | Medium | 2022-09-13 |
| CVE-2022-38329 | Shopxian CMS cross-site request forgery vulnerability | n/a | - | 6.5 | - | 2022-09-13 |
| CVE-2022-38972 | Six Apart Movable Type cross-site scripting vulnerability | A-Form | - | 6.1 | - | 2022-09-12 |
| CVE-2022-28742 | aEnrich eHRD Learning Management Key Performance Indicator System security vulnerability | n/a | - | 9.1 | - | 2022-09-09 |
| CVE-2022-36876 | SAMSUNG Mobile devices security vulnerability | Samsung Pass | CWE-285 | 1.8 | Low | 2022-09-09 |
| CVE-2022-36793 | WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities | WP Shop (WordPress plugin) | CWE-264 | 6.5 | Medium | 2022-09-09 |
| CVE-2022-38067 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability | Event Calendar – Calendar (WordPress plugin) | CWE-264 | 6.5 | Medium | 2022-09-09 |
| CVE-2022-20696 | Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability | Cisco SD-WAN vManage | CWE-284 | 7.5 | High | 2022-09-08 |
| CVE-2022-20863 | Cisco Webex Meetings App Character Interface Manipulation Vulnerability | Cisco Webex Meetings Desktop App | CWE-450 | 4.3 | Medium | 2022-09-08 |
| CVE-2022-20923 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability | Cisco Small Business RV Series Router Firmware | CWE-303 | 4.0 | Medium | 2022-09-08 |
| CVE-2022-38400 | SYNCK GRAPHICA Mailform Pro CGI information disclosure vulnerability | Mailform Pro CGI | - | 5.9 | - | 2022-09-08 |
| CVE-2022-38394 | Allied Telesis CentreCOM AR260S trust management issue vulnerability | CentreCOM AR260S V2 | - | 9.8 | - | 2022-09-08 |
| CVE-2022-37146 | PlexTrac security vulnerability | n/a | - | 3.7 | - | 2022-09-08 |
| CVE-2022-37145 | PlexTrac API security vulnerability | n/a | - | 7.5 | - | 2022-09-08 |
| CVE-2022-37144 | PlexTrac API security vulnerability | n/a | - | 8.8 | - | 2022-09-08 |
| CVE-2022-1368 | Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function | 3D-A1000 Dimensioning System | CWE-306 | 9.8 | Critical | 2022-09-06 |
| CVE-2022-31789 | WatchGuard Firebox input validation error vulnerability | n/a | - | 9.8 | - | 2022-09-06 |
| CVE-2022-31790 | WatchGuard Firebox security vulnerability | n/a | - | 7.5 | - | 2022-09-06 |
| CVE-2022-2939 | WP Cerber Security <= 9.0 - User Enumeration Bypass | WP Cerber Security, Anti-spam & Malware Scan | CWE-200 | 5.3 | Medium | 2022-09-06 |
| CVE-2022-2540 | Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting | Link Optimizer Lite | CWE-352 | 8.8 | High | 2022-09-06 |

Vulnerabilities classified as access:pre-auth represent 19412 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.