Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19534

19534 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-0747 Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection — Infographic Maker – iListCWE-89 9.8 -2022-03-21
CVE-2022-0739 BookingPress < 1.0.11 - Unauthenticated SQL Injection — BookingPress – Appointments Booking Calendar Plugin and Online Scheduling PluginCWE-89 9.8 -2022-03-21
CVE-2022-0694 Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection — Advanced Booking CalendarCWE-89 9.8 -2022-03-21
CVE-2022-0591 Formcraft3 < 3.8.28 - Unauthenticated SSRF — FormCraftCWE-918 9.1 -2022-03-21
CVE-2022-0229 miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion — miniOrange's Google Authenticator 8.1 -2022-03-21
CVE-2022-24236 Snapt Aria安全漏洞 — n/a 4.3 -2022-03-21
CVE-2022-26960 elFinder 路径遍历漏洞 — n/a 9.1 -2022-03-21
CVE-2021-45876 GARO Wallbox GLB/GTB/GTC 命令注入漏洞 — n/a 9.8 -2022-03-21
CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key — ISaGRAF RuntimeCWE-321 5.3 Medium2022-03-18
CVE-2020-25184 Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials — ISaGRAF RuntimeCWE-256 7.8 High2022-03-18
CVE-2020-25176 Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal — ISaGRAF RuntimeCWE-23 9.1 Critical2022-03-18
CVE-2020-25178 Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information — ISaGRAF RuntimeCWE-319 7.5 High2022-03-18
CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element — ISaGRAF RuntimeCWE-427 6.7 Medium2022-03-18
CVE-2021-45835 Online Admission System 代码问题漏洞 — n/a 9.8 -2022-03-18
CVE-2022-24655 Netgear EX6100v1 缓冲区错误漏洞 — n/a 9.8 -2022-03-18
CVE-2022-24637 Open Web Analytics Server 安全漏洞 — n/a 9.8 -2022-03-18
CVE-2021-44087 Attendance and Payroll System 安全漏洞 — n/a 9.8 -2022-03-17
CVE-2020-15591 F*EX 代码注入漏洞 — n/a 9.8 -2022-03-17
CVE-2022-0918 Red Hat 389 Directory Server 安全漏洞 — 389-ds-base 7.5 -2022-03-16
CVE-2022-25251 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function — Axeda agentCWE-306 9.8 Critical2022-03-16
CVE-2022-25252 PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions — Axeda agentCWE-703 7.5 High2022-03-16
CVE-2022-25250 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function — Axeda agentCWE-306 7.5 High2022-03-16
CVE-2022-25249 PTC Axeda agent and Axeda Desktop Server Path Traversal — Axeda agentCWE-22 7.5 High2022-03-16
CVE-2022-25247 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function — Axeda agentCWE-306 9.8 Critical2022-03-16
CVE-2021-40742 Adobe Audition NULL Pointer Dereference Application denial-of-service — AuditionCWE-476 5.5 Medium2022-03-16
CVE-2021-40737 Adobe Audition NULL Pointer Dereference Application denial-of-service — AuditionCWE-476 5.5 Medium2022-03-16
CVE-2021-40741 Adobe Audition Memory Corruption could lead to Application denial-of-service — AuditionCWE-788 5.5 -2022-03-16
CVE-2021-42264 Adobe Premiere Pro Null Pointer Dereference Application denial-of-service — PremiereCWE-476 5.5 Medium2022-03-16
CVE-2021-42263 Adobe Premiere Pro Null Pointer Dereference Application denial-of-service — PremiereCWE-476 5.5 Medium2022-03-16
CVE-2021-40796 Adobe Premiere Pro Null Pointer Dereference Application denial-of-service — PremiereCWE-476 5.5 Medium2022-03-16

Vulnerabilities classified as access:pre-auth represent 19534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.