access:pre-auth — CVE vulnerabilities tagged 19517

19517 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-44222 | Siemens SIMATIC eaSie Core Package access control error vulnerability | SIMATIC eaSie Core Package | CWE-306 | 9.8 | - | 2022-07-12 |
| CVE-2022-1952 | eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload | Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC | CWE-434 | 9.8 | - | 2022-07-11 |
| CVE-2022-1951 | Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting | core plugin for kitestudio themes | CWE-79 | 6.1 | - | 2022-07-11 |
| CVE-2022-1938 | Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting | Awin Data Feed | CWE-79 | 5.4 | - | 2022-07-11 |
| CVE-2022-1937 | Awin Data Feed < 1.8 - Reflected Cross-Site Scripting | Awin Data Feed | CWE-79 | 6.1 | - | 2022-07-11 |
| CVE-2022-1057 | Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi | Pricing Deals for WooCommerce | CWE-89 | 9.8 | - | 2022-07-11 |
| CVE-2022-35411 | rpc.py code issue vulnerability | n/a | | 9.8 | - | 2022-07-08 |
| CVE-2021-46825 | Symantec Advanced Secure Gateway environment issue vulnerability | Advance Secure Gateway and ProxySG | | 5.3 | - | 2022-07-07 |
| CVE-2022-20815 | Cisco Unified Communications Products Cross-Site Scripting Vulnerability | Cisco Unified Communications Manager | CWE-79 | 6.1 | Medium | 2022-07-06 |
| CVE-2022-20800 | Cisco Unified Communications Products Cross-Site Scripting Vulnerability | Cisco Unity Connection | CWE-79 | 6.1 | Medium | 2022-07-06 |
| CVE-2022-20752 | Cisco Unified Communications Products Timing Attack Vulnerability | Cisco Unified Communications Manager | CWE-208 | 5.3 | Medium | 2022-07-06 |
| CVE-2022-31126 | Unauthenticated Remote Code Execution in Roxy-wi | roxy-wi | CWE-74 | 10.0 | Critical | 2022-07-06 |
| CVE-2022-31125 | Authentication Bypass in Roxy-wi | roxy-wi | CWE-287 | 10.0 | Critical | 2022-07-06 |
| CVE-2022-1946 | Gallery < 2.0.0 - Reflected Cross-Site Scripting | Gallery – Image and Video Gallery with Thumbnails | CWE-79 | 6.1 | - | 2022-07-04 |
| CVE-2021-37524 | FusionPBX cross-site scripting vulnerability | n/a | | 6.1 | - | 2022-07-01 |
| CVE-2022-1963 | GitLab information disclosure vulnerability | GitLab | | 5.3 | Medium | 2022-07-01 |
| CVE-2022-1953 | Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion | Product Configurator for WooCommerce | CWE-22 | 9.1 | - | 2022-06-27 |
| CVE-2022-1916 | Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store | CWE-79 | 6.1 | - | 2022-06-27 |
| CVE-2022-1904 | Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting | Pricing Tables WordPress Plugin – Easy Pricing Tables | CWE-79 | 6.1 | - | 2022-06-27 |
| CVE-2022-1903 | ARMember < 3.4.8 - Unauthenticated Admin Account Takeover | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | CWE-862 | 8.1 | - | 2022-06-27 |
| CVE-2022-1574 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload | HTML2WP | | 9.8 | - | 2022-06-27 |
| CVE-2022-0444 | XCloner < 4.3.6 - Plugin Settings Reset | Backup, Restore and Migrate WordPress Sites With the XCloner Plugin | | 4.3 | - | 2022-06-27 |
| CVE-2022-2105 | Secheron SEPCOS Control and Protection Relay | SEPCOS Control and Protection Relay firmware package | CWE-841 | 9.4 | Critical | 2022-06-24 |
| CVE-2022-1517 | 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 | NextSeq 550Dx | CWE-250 | 10.0 | Critical | 2022-06-24 |
| CVE-2022-23170 | SysAid - Okta SSO integration | SysAid - Okta SSO integration | CWE-611 | 5.9 | Medium | 2022-06-24 |
| CVE-2022-31804 | CODESYS Gateway server prone to denial of service attack due to excessive memory allocation | CODESYS Gateway Server V2 | CWE-789 | 7.5 | High | 2022-06-24 |
| CVE-2022-31803 | CODESYS Gateway Server V2 prone to Denial of Service Attack | CODESYS Gateway Server V2 | CWE-400 | 5.3 | Medium | 2022-06-24 |
| CVE-2022-31801 | Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool | MULTIPROG | CWE-345 | 9.8 | Critical | 2022-06-21 |
| CVE-2022-31800 | Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers | ILC 1x0 | CWE-345 | 9.8 | Critical | 2022-06-21 |
| CVE-2022-1905 | Events Made Easy < 2.2.81 - Unauthenticated SQLi | Events Made Easy | CWE-89 | 9.8 | - | 2022-06-20 |

Vulnerabilities classified as access:pre-auth represent 19517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.