access:pre-auth — CVE vulnerabilities tagged 19704

19704 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5386 | KMW CCTV Security Cameras Unverified Password Change | KM-IP521 | CWE-620 | 9.1 | Critical | 2026-05-29 |
| CVE-2026-45631 | Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret | dokploy | CWE-798 | 10.0 | Critical | 2026-05-29 |
| CVE-2018-25404 | The Open ISES Project 3.30A SQL Injection via add_facnote.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25403 | The Open ISES Project 3.30A SQL Injection via city_graph.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25402 | The Open ISES Project 3.30A SQL Injection via inc_types_graph.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25401 | The Open ISES Project 3.30A SQL Injection via sever_graph.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25400 | The Open ISES Project 3.30A SQL Injection via form_post.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25399 | The Open ISES Project 3.30A SQL Injection via nearby.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25398 | The Open ISES Project 3.30A SQL Injection via main.php | Open ISES Project | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25397 | PHP-SHOP 1.0 Cross-Site Request Forgery via users.php | PHP-SHOP master | CWE-352 | 5.3 | Medium | 2026-05-29 |
| CVE-2018-25396 | Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm | Heatmiser Wifi Thermostat | CWE-256 | 7.5 | High | 2026-05-29 |
| CVE-2018-25395 | Kados R10 GreenBee SQL Injection via update_feature.php | Kados R10 GreenBee | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25394 | Kados R10 GreenBee SQL Injection via update_release.php | Kados R10 GreenBee | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25391 | HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion | HaPe PKH | CWE-862 | 7.5 | High | 2026-05-29 |
| CVE-2018-25390 | HaPe PKH 1.1 SQL Injection via desa Parameter | HaPe PKH | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25389 | HaPe PKH 1.1 SQL Injection via nama_kelompok Parameter | HaPe PKH | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25387 | HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php | HaPe PKH | CWE-352 | 5.3 | Medium | 2026-05-29 |
| CVE-2018-25386 | HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php | HaPe PKH | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25385 | E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai | Registrasi Pencak Silat | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2018-25382 | Zechat 1.5 SQL Injection via uname Parameter | Zechat | CWE-89 | 8.2 | High | 2026-05-29 |
| CVE-2026-4290 | WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators | WP Travel Pro | CWE-862 | 9.1 | Critical | 2026-05-29 |
| CVE-2026-45620 | AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration | AVideo | CWE-204 | 5.3 | Medium | 2026-05-29 |
| CVE-2026-46337 | WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` | AVideo | CWE-22 | - | - | 2026-05-29 |
| CVE-2026-10075 | Interinfo\|DreamMaker - Path Traversal | DreamMaker | CWE-36 | 5.3 | Medium | 2026-05-29 |
| CVE-2026-46376 | FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface | security-reporting | CWE-798 | - | - | 2026-05-29 |
| CVE-2026-10073 | Interinfo\|DreamMaker - Arbitrary File Read | DreamMaker | CWE-23 | 7.5 | High | 2026-05-29 |
| CVE-2026-49324 | Indian Scout Bobber 2025 WCM brute-force | Scout Bobber + Tech | CWE-400 | 4.6 | Medium | 2026-05-29 |
| CVE-2026-10071 | Interinfo\|DreamMaker - Arbitrary File Upload | DreamMaker | CWE-434 | 9.8 | Critical | 2026-05-29 |
| CVE-2026-9509 | Uncaught exception vulnerability in Suprema's BioStar | BioStar 2 (server) | CWE-248 | - | - | 2026-05-29 |
| CVE-2026-8326 | Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE | SparkView | CWE-23 | - | - | 2026-05-29 |

Vulnerabilities classified as access:pre-auth represent 19704 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.