Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19534

19534 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-0814 Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi — Ubigeo de Perú para Woocommerce y WordPressCWE-89 9.8 -2022-05-09
CVE-2022-0592 MapSVG < 6.2.20 - Unauthenticated SQLi — MapSVGCWE-89 9.8 -2022-05-09
CVE-2022-0424 Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure — Popup by SupsysticCWE-306 5.3 -2022-05-09
CVE-2019-12254 TECSON/GOK: Improper Authentication and Access Control on multiple devices — e-litro netCWE-287 9.8 Critical2022-05-06
CVE-2022-28005 3CX Phone system(web)management console 安全漏洞 — n/a 9.8 -2022-05-06
CVE-2022-20785 ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 — Cisco AMP for EndpointsCWE-401 7.5 High2022-05-04
CVE-2022-20771 ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 — Cisco AMP for EndpointsCWE-399 7.5 High2022-05-04
CVE-2022-20770 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 — Cisco AMP for EndpointsCWE-399 8.6 High2022-05-04
CVE-2022-23443 Fortinet FortiSOAR 安全漏洞 — Fortinet FortiSOAR 7.5 High2022-05-04
CVE-2022-20715 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-399 8.6 High2022-05-03
CVE-2022-20730 Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-241 4.0 Medium2022-05-03
CVE-2022-20740 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability — Cisco Firepower Management Center 6.1.0CWE-80 6.1 Medium2022-05-03
CVE-2022-20742 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-325 7.4 High2022-05-03
CVE-2022-20767 Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-399 8.6 High2022-05-03
CVE-2022-20760 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-400 8.6 High2022-05-03
CVE-2022-20757 Cisco Firepower Threat Defense Software Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-770 8.6 High2022-05-03
CVE-2022-20751 Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-770 8.6 High2022-05-03
CVE-2022-20748 Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-664 5.3 Medium2022-05-03
CVE-2022-20746 Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-476 8.6 High2022-05-03
CVE-2022-20745 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-20 8.6 High2022-05-03
CVE-2021-42528 XMP-Toolkit Null Pointer Dereference Application denial-of-service — XMP ToolkitCWE-476 5.5 Medium2022-05-02
CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update — Sitemap by click5 8.8 -2022-05-02
CVE-2022-0783 Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi — Multiple Shipping Address WoocommerceCWE-89 9.8 -2022-05-02
CVE-2022-0773 Documentor <= 1.5.3 - Unauthenticated SQLi — Documentor – Create Product DocumentationCWE-89 9.8 -2022-05-02
CVE-2022-0771 SiteSuperCharger < 5.2.0 - Unauthenticated SQLi — SiteSuperChargerCWE-89 9.8 -2022-05-02
CVE-2021-25086 Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting — Advanced Page Visit Counter – Advanced WordPress Visit CounterCWE-79 6.1 -2022-05-02
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure — TipsacarrierCWE-862 7.5 -2022-05-02
CVE-2021-31674 Cyclos 4 PRO 跨站脚本漏洞 — n/a 6.1 -2022-05-01
CVE-2021-43938 Elcomplus SmartPTT SCADA Server Information Exposure — SmartPTT SCADA ServerCWE-200 8.1 High2022-04-29
CVE-2021-44596 Wondershare 安全漏洞 — n/a 9.8 -2022-04-29

Vulnerabilities classified as access:pre-auth represent 19534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.