Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19492

19492 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-26476 Siemens Spectrum Power 信任管理问题漏洞 — Spectrum Power 4CWE-798 8.8 -2022-06-14
CVE-2021-37182 Siemens SCALANCE 安全漏洞 — SCALANCE XM408-4CCWE-354 9.8 -2022-06-14
CVE-2021-40604 Invision Community 代码问题漏洞 — n/a 9.1 -2022-06-13
CVE-2022-23167 Amodat - Mobile Application Gateway Local File Inclusion (LFI) — Amodat 5.3 Medium2022-06-13
CVE-2022-1969 Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Mobile browser color selectCWE-352 8.8 High2022-06-13
CVE-2022-1820 Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting — Keep Backup DailyCWE-79 6.1 Medium2022-06-13
CVE-2022-1768 RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection — RSVPMakerCWE-89 9.8 Critical2022-06-13
CVE-2022-1900 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting — CopifyCWE-352 8.8 High2022-06-13
CVE-2022-1918 ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting — ToolBar to ShareCWE-352 8.8 High2022-06-13
CVE-2022-1707 Google Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site Search — GTM4WP – A Google Tag Manager (GTM) plugin for WordPressCWE-79 6.1 Medium2022-06-13
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible — Log WP_Mail 7.5 -2022-06-13
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE — Member Hero 9.8 -2022-06-13
CVE-2022-0827 Bestbooks <= 2.6.3 - Unauthenticated SQLi — BestbooksCWE-89 9.8 -2022-06-13
CVE-2022-0786 KiviCare < 2.3.9 - Unauthenticated SQLi — KiviCare – Clinic & Patient Management System (EHR)CWE-89 9.8 -2022-06-13
CVE-2022-1822 Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting — Zephyr Project ManagerCWE-79 6.1 Medium2022-06-13
CVE-2021-46816 Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution — PremiereCWE-787 7.8 High2022-06-13
CVE-2021-46817 Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution — Media EncoderCWE-787 7.8 High2022-06-13
CVE-2021-46818 Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution — Media EncoderCWE-787 7.8 High2022-06-13
CVE-2022-29525 Rakuten Mobile Rakuten Casa 信任管理问题漏洞 — Rakuten Casa 9.8 -2022-06-13
CVE-2022-27174 EC-CUBE Easy Blog for EC-CUBE4 跨站请求伪造漏洞 — Easy Blog for EC-CUBE4 4.3 -2022-06-13
CVE-2021-41749 Nystudio107 Seomatic 代码注入漏洞 — n/a 9.8 -2022-06-12
CVE-2022-29095 Dell SupportAssist Client 跨站脚本漏洞 — SupportAssist ConsumerCWE-16 8.3 High2022-06-10
CVE-2018-17240 Netwave IP camera 安全漏洞 — n/a 7.5 -2022-06-10
CVE-2022-32563 Couchbase Sync Gateway 信任管理问题漏洞 — n/a 9.8 -2022-06-10
CVE-2022-24296 Mitsubishi Electric Air Conditioning System 加密问题漏洞 — Air Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A 9.1 -2022-06-08
CVE-2022-30730 Samsung Pass 安全漏洞 — Samsung PassCWE-285 4.6 Medium2022-06-07
CVE-2022-25361 WatchGuard Firebox 安全漏洞 — n/a 9.1 -2022-06-07
CVE-2022-23712 Elasticsearch 安全漏洞 — elasticsearchCWE-754 7.5 -2022-06-06
CVE-2022-31485 Unauthenticated homepage note modification — LNL-X2210CWE-425 5.3 Medium2022-06-06
CVE-2022-31484 User Account Deletion Unauthenticated — LNL-X2210CWE-425 7.5 High2022-06-06

Vulnerabilities classified as access:pre-auth represent 19492 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.