access:pre-auth — 19466 tagged CVE vulnerabilities

19466 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-34535 | Digital Watchdog DW MEGApix IP authorization issue vulnerability — n/a | 7.5 | - | 2022-07-19 |
| CVE-2022-35405 | ZOHO ManageEngine Password Manager Pro code issue vulnerability — n/a | 9.8 | - | 2022-07-19 |
| CVE-2021-32504 | SICK FTMg security vulnerability — SICK FTMg (CWE-862) | 8.2 | - | 2022-07-19 |
| CVE-2022-21540 | Oracle Java SE input validation error vulnerability — Java SE JDK and JRE | 5.3 | Medium | 2022-07-19 |
| CVE-2022-21541 | Oracle Java SE and Oracle GraalVM input validation error vulnerability — Java SE JDK and JRE | 5.9 | Medium | 2022-07-19 |
| CVE-2022-21549 | Oracle Java SE input validation error vulnerability — Java SE JDK and JRE | 5.3 | Medium | 2022-07-19 |
| CVE-2022-23438 | Fortinet FortiOS cross-site scripting vulnerability — Fortinet FortiOS | 4.7 | Medium | 2022-07-18 |
| CVE-2022-22304 | Fortinet FortiAuthenticator cross-site scripting vulnerability — Fortinet FortiAuthenticator OutlookAgent | 6.1 | Medium | 2022-07-18 |
| CVE-2021-42755 | Fortinet FortiVoice input validation error vulnerability — Fortinet FortiSwitch, FortiRecorder, FortiVoiceEnterprise, FortiOS, FortiProxy | 4.3 | Medium | 2022-07-18 |
| CVE-2022-2224 | Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication — Gallery for Social Photo (CWE-352) | 5.4 | Medium | 2022-07-18 |
| CVE-2022-2443 | FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting — FreeMind WP Browser (CWE-352) | 8.8 | High | 2022-07-18 |
| CVE-2022-2001 | DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting — DX Share Selection (CWE-352) | 8.8 | High | 2022-07-18 |
| CVE-2022-2117 | GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure — GiveWP – Donation Plugin and Fundraising Platform (CWE-200) | 5.3 | Medium | 2022-07-18 |
| CVE-2022-1912 | Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting — Button Widget Smartsoft (CWE-352) | 8.8 | High | 2022-07-18 |
| CVE-2022-2437 | Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization — Feed Them Social – Social Media Feeds, Video, and Photo Galleries (CWE-502) | 9.8 | Critical | 2022-07-18 |
| CVE-2022-2435 | AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting — AnyMind Widget (CWE-352) | 8.8 | High | 2022-07-18 |
| CVE-2022-2223 | Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication — Image Slider (CWE-352) | 5.4 | Medium | 2022-07-18 |
| CVE-2022-2108 | Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass — Wbcom Designs – BuddyPress Group Reviews (CWE-862) | 6.5 | Medium | 2022-07-18 |
| CVE-2022-2039 | Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting — Free Live Chat Support (CWE-352) | 8.8 | High | 2022-07-18 |
| CVE-2022-24690 | DSK DSKNet SQL injection vulnerability — n/a | 8.2 | - | 2022-07-18 |
| CVE-2022-26479 | Poly EagleEye Director OS command injection vulnerability — n/a | 9.8 | - | 2022-07-17 |
| CVE-2022-26352 | dotCMS security vulnerability — n/a | 9.8 | - | 2022-07-17 |
| CVE-2022-1933 | CDI < 5.1.9 - Reflected Cross-Site-Scripting — CDI – Collect and Deliver Interface for Woocommerce (CWE-79) | 6.1 | - | 2022-07-17 |
| CVE-2022-30245 | Honeywell Alerton Compass security vulnerability — n/a | 5.7 | - | 2022-07-15 |
| CVE-2022-30244 | Honeywell Alerton Ascent Control Module security vulnerability — n/a | 8.0 | - | 2022-07-15 |
| CVE-2022-30243 | Honeywell Alerton Visual Logic security vulnerability — n/a | 8.8 | - | 2022-07-15 |
| CVE-2022-30242 | Honeywell Alerton Ascent Control Module security vulnerability — n/a | 5.7 | - | 2022-07-15 |
| CVE-2022-35409 | Mbed TLS buffer error vulnerability — n/a | 9.1 | - | 2022-07-15 |
| CVE-2022-35403 | ZOHO ManageEngine ServiceDesk Plus security vulnerability — n/a | 7.5 | - | 2022-07-12 |
| CVE-2022-35228 | SAP BusinessObjects Central Management Console cross-site request forgery vulnerability — SAP BusinessObjects Business Intelligence Platform (Central management Console) (CWE-352) | 8.1 | - | 2022-07-12 |

A total of 19466 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.