Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19430

19430 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-21139 Intel PROSet/Wireless WiFi Software 加密问题漏洞 — Intel(R) PROSet/Wireless WiFi products 8.8 -2022-08-18
CVE-2022-37422 Payara 路径遍历漏洞 — n/a 7.5 -2022-08-18
CVE-2022-37062 Teledyne FLIR AX8 访问控制错误漏洞 — n/a 7.5 -2022-08-18
CVE-2021-23168 Intel PROSet/Wireless WiFi Software 缓冲区错误漏洞 — Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products 6.5 -2022-08-18
CVE-2021-44545 Intel PROSet/Wireless WiFi Software 输入验证错误漏洞 — Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products 6.5 -2022-08-18
CVE-2022-28697 Intel Active Management Technology 安全漏洞 — Intel(R) AMT and Intel(R) Standard Manageability 6.8 -2022-08-18
CVE-2022-30601 Intel Active Management Technology 安全漏洞 — Intel(R) AMT and Intel(R) Standard Manageability 9.8 -2022-08-18
CVE-2022-37060 Teledyne FLIR AX8 路径遍历漏洞 — n/a 7.5 -2022-08-18
CVE-2022-35122 Ecowitt GW1100 Series Weather Stations 访问控制错误漏洞 — n/a 9.1 -2022-08-17
CVE-2022-1401 Insufficient validation of provided paths in Exago WrImageResource.axd — CMDBCWE-863 6.9 Medium2022-08-16
CVE-2022-38184 There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 — Portal for ArcGISCWE-284 7.5 High2022-08-16
CVE-2022-38193 Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) — Portal for ArcGISCWE-95 6.1 Medium2022-08-16
CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS — Calendar Event Multi ViewCWE-862 4.3 -2022-08-16
CVE-2022-38187 Prevent access to sharing/rest/content/features/analyze to unauthorized users — Portal for ArcGISCWE-918 7.5 High2022-08-15
CVE-2022-38190 Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps — Portal for ArcGISCWE-79 6.1 Medium2022-08-15
CVE-2022-2535 SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure — SearchWP Live Ajax SearchCWE-639 5.3 -2022-08-15
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API — Easy Student ResultsCWE-862 7.5 -2022-08-15
CVE-2022-2180 GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE — greyd_suiteCWE-434 9.8 -2022-08-15
CVE-2021-29117 arcreader use-after-free — ArcReaderCWE-416 7.8 -2022-08-12
CVE-2021-29112 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — ArcReaderCWE-125 5.5 -2022-08-12
CVE-2021-29118 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — ArcReaderCWE-125 5.5 -2022-08-12
CVE-2022-37397 The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory — Yugabyte DBCWE-287 8.3 High2022-08-12
CVE-2021-22289 RCE through Project Upload from Target — Automation StudioCWE-20 8.3 High2022-08-11
CVE-2022-33927 Dell Wyse Management Suite 授权问题漏洞 — Wyse Management SuiteCWE-384 5.4 Medium2022-08-10
CVE-2022-20866 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-203 7.4 High2022-08-10
CVE-2022-20713 Cisco Adaptive Security Appliances Software 跨站脚本漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-444 4.3 Medium2022-08-10
CVE-2022-38130 Keysight Technologies Sensor Management Server SQL注入漏洞 — Keysight Technologies Sensor Management Server 9.8 -2022-08-10
CVE-2022-38129 Keysight Technologies Sensor Management Server 路径遍历漏洞 — Keysight Technologies Sensor Management Server 9.1 -2022-08-10
CVE-2022-36923 多款ZOHO ManageEngine产品安全漏洞 — n/a 7.5 -2022-08-10
CVE-2022-36324 多款Siemens SCALANCE产品安全漏洞 — RUGGEDCOM RM1224 LTE(4G) EUCWE-770 7.5 High2022-08-10

Vulnerabilities classified as access:pre-auth represent 19430 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.