19497 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-20670 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities — Cisco Common Services Platform Collector Software (CWE-79) | 6.1 | Medium | 2022-05-27 |
| CVE-2022-20669 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities — Cisco Common Services Platform Collector Software (CWE-79) | 6.1 | Medium | 2022-05-27 |
| CVE-2022-20668 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities — Cisco Common Services Platform Collector Software (CWE-79) | 6.1 | Medium | 2022-05-27 |
| CVE-2022-20667 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities — Cisco Common Services Platform Collector Software (CWE-79) | 6.1 | Medium | 2022-05-27 |
| CVE-2022-20666 | Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities — Cisco Common Services Platform Collector Software (CWE-79) | 6.1 | Medium | 2022-05-27 |
| CVE-2022-29729 | Verizon 4G LTE Network Extender security vulnerability — n/a | 9.1 | - | 2022-05-27 |
| CVE-2022-26724 | Apple TV authorization issue vulnerability — tvOS | 5.5 | - | 2022-05-26 |
| CVE-2022-29091 | Cross-site scripting vulnerability in multiple DELL products — Unity (CWE-79) | 5.3 | Medium | 2022-05-26 |
| CVE-2022-26865 | DELL SupportAssist OS Recovery authorization issue vulnerability — Dell OS Recovery Tool (CWE-288) | 6.8 | Medium | 2022-05-26 |
| CVE-2022-24422 | DELL iDRAC9 authorization issue vulnerability — Integrated Dell Remote Access Controller 9 (CWE-287) | 9.6 | Critical | 2022-05-26 |
| CVE-2022-20821 | Cisco IOS XR Software Health Check Open Port Vulnerability — Cisco IOS XR Software (CWE-200) | 6.5 | Medium | 2022-05-26 |
| CVE-2022-26833 | Open Automation Software OAS Platform access control error vulnerability — OAS Platform (CWE-306) | 9.4 | Critical | 2022-05-25 |
| CVE-2022-29402 | TP-LINK TL-WR840N access control error vulnerability — n/a | 6.8 | Medium | 2022-05-25 |
| CVE-2022-22309 | IBM Power System access control error vulnerability — Power System S922 Server | 6.8 | - | 2022-05-24 |
| CVE-2014-125001 | Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management — Scala Rider Q3 (CWE-269) | 8.1 | High | 2022-05-24 |
| CVE-2022-22306 | Fortinet FortiOS trust management issue vulnerability — Fortinet FortiOS | 5.4 | Medium | 2022-05-24 |
| CVE-2021-45914 | LuxSoft LuxCal Web Calendar authorization issue vulnerability — n/a | 9.8 | - | 2022-05-24 |
| CVE-2021-45915 | LuxSoft LuxCal Web Calendar authorization issue vulnerability — n/a | 9.8 | - | 2022-05-24 |
| CVE-2022-0781 | Nirweb support < 2.8.2 - Unauthenticated SQLi — Nirweb support (CWE-89) | 9.8 | - | 2022-05-23 |
| CVE-2022-29165 | Argo CD will blindly trust JWT claims if anonymous access is enabled — argo-cd (CWE-200) | 10.0 | Critical | 2022-05-20 |
| CVE-2022-21500 | Oracle E-Business Suite information disclosure vulnerability — User Management | 7.5 | High | 2022-05-19 |
| CVE-2020-16231 | All Bachmann M1 System Processor Modules - Use of Password Hash with Insufficient Computational Effort — M1 Hardware Controller MX207 (CWE-916) | 7.2 | High | 2022-05-19 |
| CVE-2021-37413 | GRANDCOM DynWEB SQL injection vulnerability — n/a | 9.8 | - | 2022-05-19 |
| CVE-2022-28921 | BlogEngine cross-site request forgery vulnerability — n/a | 6.5 | - | 2022-05-18 |
| CVE-2022-22778 | TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability — TIBCO BusinessConnect Trading Community Management | 8.8 | High | 2022-05-18 |
| CVE-2022-22777 | TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability — TIBCO BusinessConnect Trading Community Management | 6.1 | Medium | 2022-05-18 |
| CVE-2022-25162 | Mitsubishi Electric MELSEC iQ-F series input validation error vulnerability — Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) | 5.8 | - | 2022-05-18 |
| CVE-2022-25161 | Mitsubishi Electric MELSEC iQ-F series input validation error vulnerability — Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) | 5.8 | - | 2022-05-18 |
| CVE-2021-42851 | Lenovo Personal Cloud Storage security vulnerability — Personal Cloud Storage A1 (CWE-862) | 6.3 | Medium | 2022-05-18 |
| CVE-2021-42848 | Lenovo Personal Cloud Storage security vulnerability — Personal Cloud Storage A1 (CWE-862) | 4.3 | Medium | 2022-05-18 |
19497 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.