Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19518

19518 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-3849 Lenovo Fan Power Controller2和Lenovo System Management Module 授权问题漏洞 — Fan Power Controller2 (FPC2)CWE-288 9.8 Critical2022-04-22
CVE-2022-26674 ASUS RT-AX88U - Format String — RT-AX88UCWE-134 9.8 Critical2022-04-22
CVE-2022-26672 ASUS WebStorage - Use of Hard-coded Credentials — WebStorageCWE-798 7.3 High2022-04-22
CVE-2022-24424 DELL EMC AppSync 路径遍历漏洞 — AppSyncCWE-22 7.5 High2022-04-21
CVE-2022-24423 Dell iDRAC8 输入验证错误漏洞 — Integrated Dell Remote Access Controller 8CWE-20 5.3 Medium2022-04-21
CVE-2022-20773 Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability — Cisco Umbrella Insights Virtual ApplianceCWE-321 7.5 High2022-04-21
CVE-2022-20804 Cisco Unified Communications Products Denial of Service Vulnerability — Cisco Unified Communications ManagerCWE-754 5.3 Medium2022-04-21
CVE-2022-20795 Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-345 5.8 Medium2022-04-21
CVE-2022-20788 Cisco Unified Communications Products Cross-Site Scripting Vulnerability — Cisco Unified Communications ManagerCWE-79 6.1 Medium2022-04-21
CVE-2022-20783 Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability — Cisco RoomOS SoftwareCWE-1287 7.5 High2022-04-21
CVE-2022-20778 Cisco Webex Meetings Cross-Site Scripting Vulnerability — Cisco Webex MeetingsCWE-79 6.1 Medium2022-04-21
CVE-2022-27926 Zimbra 安全漏洞 — n/a 6.1 -2022-04-20
CVE-2022-27924 Zimbra 注入漏洞 — n/a 5.3 -2022-04-20
CVE-2022-26133 Atlassian Bitbucket Data Center 代码问题漏洞 — Bitbucket Data Center 9.8 -2022-04-20
CVE-2022-0540 Atlassian Jira 授权问题漏洞 — Jira Core Server 9.8 -2022-04-20
CVE-2022-25343 Kyocera d-COLOR MF3555 安全漏洞 — n/a 7.5 -2022-04-20
CVE-2022-27629 WordPress Plugin MicroPayments 跨站请求伪造漏洞 — MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership 8.8 -2022-04-20
CVE-2022-21497 Oracle Web Services Manager 输入验证错误漏洞 — Web Services Manager 8.1 High2022-04-19
CVE-2022-21496 Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE 5.3 Medium2022-04-19
CVE-2022-21492 Oracle Fusion Middleware 缓冲区错误漏洞 — Business Intelligence Enterprise Edition 6.1 Medium2022-04-19
CVE-2022-21480 Oracle Transportation Management 输入验证错误漏洞 — Transportation Management 6.1 Medium2022-04-19
CVE-2022-21476 Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE 7.5 High2022-04-19
CVE-2022-21470 Oracle PeopleSoft Enterprise PeopleTools 输入验证错误漏洞 — PeopleSoft Enterprise PT PeopleTools 6.1 Medium2022-04-19
CVE-2022-21469 Oracle Enterprise Manager Base Platform 输入验证错误漏洞 — Enterprise Manager Base Platform 4.7 Medium2022-04-19
CVE-2022-21468 Oracle E-Business Suite 输入验证错误漏洞 — Applications Framework 6.1 Medium2022-04-19
CVE-2022-21466 Oracle Commerce 输入验证错误漏洞 — Commerce Guided Search / Oracle Commerce Experience Manager 7.5 High2022-04-19
CVE-2022-21464 Oracle JD Edwards Products 输入验证错误漏洞 — JD Edwards EnterpriseOne Tools 8.2 High2022-04-19
CVE-2022-21458 Oracle PeopleSoft Products产品输入验证错误漏洞 — PeopleSoft Enterprise PT PeopleTools 6.1 Medium2022-04-19
CVE-2022-21457 Oracle MySQL 输入验证错误漏洞 — MySQL Server 5.9 Medium2022-04-19
CVE-2022-21456 Oracle PeopleSoft Enterprise PeopleTools产品安全漏洞 — PeopleSoft Enterprise PT PeopleTools 6.1 Medium2022-04-19

Vulnerabilities classified as access:pre-auth represent 19518 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.