CVE vulnerabilities tagged "access:pre-auth" (19539)

19539 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-1078 | SourceCodester College Website Management System sql injection — College Website Management System (CWE-89) | 7.3 | High | 2022-03-29 |
| CVE-2022-0331 | Sophos Firewall information disclosure vulnerability — Sophos Firewall | 5.3 | Medium | 2022-03-29 |
| CVE-2021-4191 | GitLab Enterprise Edition and GitLab Community Edition authorization issue vulnerability — GitLab | 5.3 | Medium | 2022-03-28 |
| CVE-2022-0846 | SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi — SpeakOut! Email Petitions (CWE-89) | 9.8 | - | 2022-03-28 |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure — Church Admin | 4.3 | - | 2022-03-28 |
| CVE-2022-0818 | Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS — WooCommerce Affiliate Plugin – Coupon Affiliates (CWE-79) | 6.1 | - | 2022-03-28 |
| CVE-2022-0787 | Limit Login Attempts (Spam Protection) < 5.1 - Unauthenticated SQLi — Limit Login Attempts (Spam Protection) (CWE-89) | 9.8 | - | 2022-03-28 |
| CVE-2022-0784 | Title Experiments Free < 9.0.1 - Unauthenticated SQLi — Title Experiments Free (CWE-89) | 9.8 | - | 2022-03-28 |
| CVE-2022-0680 | Plezi < 1.0.3 - Unauthenticated Stored XSS — Plezi (CWE-79) | 6.1 | - | 2022-03-28 |
| CVE-2022-0679 | Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE — Narnoo Distributor (CWE-22) | 9.8 | - | 2022-03-28 |
| CVE-2021-24978 | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion — OSMapper (CWE-862) | 7.5 | - | 2022-03-28 |
| CVE-2021-26598 | ImpressCMS authorization issue vulnerability — n/a | 5.3 | - | 2022-03-28 |
| CVE-2022-26254 | Envato WoWonder security vulnerability — n/a | 5.3 | - | 2022-03-27 |
| CVE-2022-26258 | D-Link Dir-820L OS command injection vulnerability — n/a | 9.8 | - | 2022-03-27 |
| CVE-2022-22274 | SonicOS buffer error vulnerability — SonicOS (CWE-121) | 9.8 | - | 2022-03-25 |
| CVE-2021-40906 | CheckMK Raw Edition cross-site scripting vulnerability — n/a | 4.7 | - | 2022-03-25 |
| CVE-2021-44905 | Fortessa FTBTLD Smart Lock security vulnerability — n/a | 5.3 | - | 2022-03-25 |
| CVE-2022-25610 | WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability — Simple Ajax Chat (WordPress plugin) (CWE-79) | 3.4 | Low | 2022-03-25 |
| CVE-2021-31326 | D-Link DIR-816 A2 authorization issue vulnerability — n/a | 9.8 | - | 2022-03-23 |
| CVE-2022-27192 | Aseco Lietuva document management system DVS Avilys log information disclosure vulnerability — n/a | 7.5 | - | 2022-03-23 |
| CVE-2022-0888 | Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload — Ninja Forms - File Uploads (CWE-434) | 9.8 | Critical | 2022-03-23 |
| CVE-2022-0889 | Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting — Ninja Forms - File Uploads (CWE-79) | 7.2 | High | 2022-03-23 |
| CVE-2021-27476 | Rockwell Automation FactoryTalk AssetCentre OS Command Injection — FactoryTalk AssetCentre (CWE-78) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27470 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data — FactoryTalk AssetCentre (CWE-502) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27466 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data — FactoryTalk AssetCentre (CWE-502) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function — FactoryTalk AssetCentre (CWE-676) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27468 | Rockwell Automation FactoryTalk AssetCentre SQL Injection — FactoryTalk AssetCentre (CWE-89) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27472 | Rockwell Automation FactoryTalk AssetCentre SQL Injection — FactoryTalk AssetCentre (CWE-89) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27462 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data — FactoryTalk AssetCentre (CWE-502) | 10.0 | Critical | 2022-03-23 |
| CVE-2021-27464 | Rockwell Automation FactoryTalk AssetCentre SQL Injection — FactoryTalk AssetCentre (CWE-89) | 10.0 | Critical | 2022-03-23 |

Vulnerabilities classified as access:pre-auth represent 19539 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.