19524 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-1167 | CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting — CareerupCWE-79 | 6.1 | - | 2022-04-04 |
| CVE-2022-0709 | Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure — Booking Package – Appointment Booking Calendar SystemCWE-200 | 7.5 | - | 2022-04-04 |
| CVE-2022-25160 | Mitsubishi Electric Factory Automation 安全漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 | 7.5 | - | 2022-04-01 |
| CVE-2022-25159 | Mitsubishi Electric MELSEC iQ-F series 安全漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 | 8.1 | - | 2022-04-01 |
| CVE-2022-25157 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2022-25155 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2022-25156 | Mitsubishi Electric MELSEC iQ-F series 加密问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2021-32503 | SICK FieldEcho 资源管理错误漏洞 — SICK FTMgCWE-862 | 8.2 | - | 2022-04-01 |
| CVE-2021-20238 | Red Hat OpenShift Container Platform 访问控制错误漏洞 — openshift/machine-config-operatorCWE-287 | 5.9 | - | 2022-04-01 |
| CVE-2022-24796 | Remote Command Injection in RaspberryMatic — RaspberryMaticCWE-78 | 10.0 | Critical | 2022-03-31 |
| CVE-2021-46006 | TotoLink A3100R 访问控制错误漏洞 — n/a | 7.5 | - | 2022-03-30 |
| CVE-2021-46009 | TotoLink A3100R 访问控制错误漏洞 — n/a | 9.8 | - | 2022-03-30 |
| CVE-2022-26951 | RSA Archer 跨站脚本漏洞 — n/a | 6.5 | Medium | 2022-03-29 |
| CVE-2021-44082 | Textpattern CMS 跨站脚本漏洞 — n/a | 8.0 | - | 2022-03-29 |
| CVE-2022-26871 | Trend Micro Apex Central 数据伪造问题漏洞 — Trend Micro Apex Central | 9.8 | - | 2022-03-29 |
| CVE-2022-1078 | SourceCodester College Website Management System sql injection — College Website Management SystemCWE-89 | 7.3 | High | 2022-03-29 |
| CVE-2022-0331 | Sophos Firewall 信息泄露漏洞 — Sophos Firewall | 5.3 | Medium | 2022-03-29 |
| CVE-2021-4191 | GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞 — GitLab | 5.3 | Medium | 2022-03-28 |
| CVE-2022-0846 | SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi — SpeakOut! Email PetitionsCWE-89 | 9.8 | - | 2022-03-28 |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure — Church Admin | 4.3 | - | 2022-03-28 |
| CVE-2022-0818 | Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS — WooCommerce Affiliate Plugin – Coupon AffiliatesCWE-79 | 6.1 | - | 2022-03-28 |
| CVE-2022-0787 | Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi — Limit Login Attempts (Spam Protection)CWE-89 | 9.8 | - | 2022-03-28 |
| CVE-2022-0784 | Title Experiments Free < 9.0.1 - Unauthenticated SQLi — Title Experiments FreeCWE-89 | 9.8 | - | 2022-03-28 |
| CVE-2022-0680 | Plezi < 1.0.3 - Unauthenticated Stored XSS — PleziCWE-79 | 6.1 | - | 2022-03-28 |
| CVE-2022-0679 | Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE — Narnoo DistributorCWE-22 | 9.8 | - | 2022-03-28 |
| CVE-2021-24978 | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion — OSMapperCWE-862 | 7.5 | - | 2022-03-28 |
| CVE-2021-26598 | ImpressCMS 授权问题漏洞 — n/a | 5.3 | - | 2022-03-28 |
| CVE-2022-26254 | Envato WoWonder 安全漏洞 — n/a | 5.3 | - | 2022-03-27 |
| CVE-2022-26258 | D-Link Dir-820L 操作系统命令注入漏洞 — n/a | 9.8 | - | 2022-03-27 |
| CVE-2022-22274 | SonicOS 缓冲区错误漏洞 — SonicOSCWE-121 | 9.8 | - | 2022-03-25 |
Vulnerabilities classified as access:pre-auth represent 19524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.