19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-27924 | Zimbra 注入漏洞 — n/a | 5.3 | - | 2022-04-20 |
| CVE-2022-26133 | Atlassian Bitbucket Data Center 代码问题漏洞 — Bitbucket Data Center | 9.8 | - | 2022-04-20 |
| CVE-2022-0540 | Atlassian Jira 授权问题漏洞 — Jira Core Server | 9.8 | - | 2022-04-20 |
| CVE-2022-25343 | Kyocera d-COLOR MF3555 安全漏洞 — n/a | 7.5 | - | 2022-04-20 |
| CVE-2022-27629 | WordPress Plugin MicroPayments 跨站请求伪造漏洞 — MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership | 8.8 | - | 2022-04-20 |
| CVE-2022-21497 | Oracle Web Services Manager 输入验证错误漏洞 — Web Services Manager | 8.1 | High | 2022-04-19 |
| CVE-2022-21496 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-04-19 |
| CVE-2022-21492 | Oracle Fusion Middleware 缓冲区错误漏洞 — Business Intelligence Enterprise Edition | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21480 | Oracle Transportation Management 输入验证错误漏洞 — Transportation Management | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21476 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 7.5 | High | 2022-04-19 |
| CVE-2022-21470 | Oracle PeopleSoft Enterprise PeopleTools 输入验证错误漏洞 — PeopleSoft Enterprise PT PeopleTools | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21469 | Oracle Enterprise Manager Base Platform 输入验证错误漏洞 — Enterprise Manager Base Platform | 4.7 | Medium | 2022-04-19 |
| CVE-2022-21468 | Oracle E-Business Suite 输入验证错误漏洞 — Applications Framework | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21466 | Oracle Commerce 输入验证错误漏洞 — Commerce Guided Search / Oracle Commerce Experience Manager | 7.5 | High | 2022-04-19 |
| CVE-2022-21464 | Oracle JD Edwards Products 输入验证错误漏洞 — JD Edwards EnterpriseOne Tools | 8.2 | High | 2022-04-19 |
| CVE-2022-21458 | Oracle PeopleSoft Products产品输入验证错误漏洞 — PeopleSoft Enterprise PT PeopleTools | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21457 | Oracle MySQL 输入验证错误漏洞 — MySQL Server | 5.9 | Medium | 2022-04-19 |
| CVE-2022-21456 | Oracle PeopleSoft Enterprise PeopleTools产品安全漏洞 — PeopleSoft Enterprise PT PeopleTools | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21453 | Oracle Fusion Middleware 缓冲区错误漏洞 — WebLogic Server | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21449 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 7.5 | High | 2022-04-19 |
| CVE-2022-21448 | Oracle Fusion Middleware 缓冲区错误漏洞 — Business Intelligence Enterprise Edition | 6.1 | Medium | 2022-04-19 |
| CVE-2022-21446 | Oracle Solaris 输入验证错误漏洞 — Solaris Operating System | 8.2 | High | 2022-04-19 |
| CVE-2022-21445 | Oracle Fusion Middleware 输入验证错误漏洞 — Application Development Framework (ADF) | 9.8 | Critical | 2022-04-19 |
| CVE-2022-21443 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 3.7 | Low | 2022-04-19 |
| CVE-2022-21441 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 7.5 | High | 2022-04-19 |
| CVE-2022-21434 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-04-19 |
| CVE-2022-21431 | Oracle Communications Billing and Revenue Management 安全漏洞 — Communications Billing and Revenue Management | 10.0 | Critical | 2022-04-19 |
| CVE-2022-21426 | Oracle Java SE 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-04-19 |
| CVE-2022-21421 | Oracle Business Intelligence Enterprise Edition 输入验证错误漏洞 — Business Intelligence Enterprise Edition | 7.5 | High | 2022-04-19 |
| CVE-2022-21420 | Oracle Coherence 输入验证错误漏洞 — Coherence | 9.8 | Critical | 2022-04-19 |
Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.