19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-22127 | Fortinet FortiClient 操作系统命令注入漏洞 — Fortinet FortiClientLinux | 7.1 | High | 2022-04-06 |
| CVE-2021-43205 | Fortinet FortiClient 信息泄露漏洞 — Fortinet FortiClientLinux | 4.3 | Medium | 2022-04-06 |
| CVE-2021-32593 | Fortinet FortiWan 加密问题漏洞 — Fortinet FortiWAN | 6.5 | Medium | 2022-04-06 |
| CVE-2021-26114 | Fortinet FortiWan SQL注入漏洞 — Fortinet FortiWAN | 9.8 | Critical | 2022-04-06 |
| CVE-2021-26112 | Fortinet FortiWAN 缓冲区错误漏洞 — Fortinet FortiWAN | 8.1 | High | 2022-04-06 |
| CVE-2022-23441 | Fortinet FortiEDR 信任管理问题漏洞 — Fortinet FortiEDR | 9.1 | Critical | 2022-04-06 |
| CVE-2022-1248 | SAP Information System POST Request add_admin.php improper authentication — SAP Information SystemCWE-287 | 7.3 | High | 2022-04-06 |
| CVE-2021-30497 | Ivanti Avalanche 路径遍历漏洞 — n/a | 7.5 | - | 2022-04-06 |
| CVE-2022-26952 | Digi Passport 缓冲区错误漏洞 — n/a | 9.1 | - | 2022-04-06 |
| CVE-2022-28219 | ZOHO ManageEngine ADAudit Plus 代码问题漏洞 — n/a | 9.8 | - | 2022-04-05 |
| CVE-2022-23698 | Hewlett Packard Enterprise OneView 安全漏洞 — HPE OneView | 7.5 | - | 2022-04-04 |
| CVE-2022-25569 | Bettini Srl GAMS Product Line信任管理问题漏洞 — n/a | 9.8 | - | 2022-04-04 |
| CVE-2022-1167 | CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting — CareerupCWE-79 | 6.1 | - | 2022-04-04 |
| CVE-2022-0709 | Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure — Booking Package – Appointment Booking Calendar SystemCWE-200 | 7.5 | - | 2022-04-04 |
| CVE-2022-25160 | Mitsubishi Electric Factory Automation 安全漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 | 7.5 | - | 2022-04-01 |
| CVE-2022-25159 | Mitsubishi Electric MELSEC iQ-F series 安全漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100 | 8.1 | - | 2022-04-01 |
| CVE-2022-25157 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2022-25155 | Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2022-25156 | Mitsubishi Electric MELSEC iQ-F series 加密问题漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2 | 7.4 | - | 2022-04-01 |
| CVE-2021-32503 | SICK FieldEcho 资源管理错误漏洞 — SICK FTMgCWE-862 | 8.2 | - | 2022-04-01 |
| CVE-2021-20238 | Red Hat OpenShift Container Platform 访问控制错误漏洞 — openshift/machine-config-operatorCWE-287 | 5.9 | - | 2022-04-01 |
| CVE-2022-24796 | Remote Command Injection in RaspberryMatic — RaspberryMaticCWE-78 | 10.0 | Critical | 2022-03-31 |
| CVE-2021-46006 | TotoLink A3100R 访问控制错误漏洞 — n/a | 7.5 | - | 2022-03-30 |
| CVE-2021-46009 | TotoLink A3100R 访问控制错误漏洞 — n/a | 9.8 | - | 2022-03-30 |
| CVE-2022-26951 | RSA Archer 跨站脚本漏洞 — n/a | 6.5 | Medium | 2022-03-29 |
| CVE-2021-44082 | Textpattern CMS 跨站脚本漏洞 — n/a | 8.0 | - | 2022-03-29 |
| CVE-2022-26871 | Trend Micro Apex Central 数据伪造问题漏洞 — Trend Micro Apex Central | 9.8 | - | 2022-03-29 |
| CVE-2022-1078 | SourceCodester College Website Management System sql injection — College Website Management SystemCWE-89 | 7.3 | High | 2022-03-29 |
| CVE-2022-0331 | Sophos Firewall 信息泄露漏洞 — Sophos Firewall | 5.3 | Medium | 2022-03-29 |
| CVE-2021-4191 | GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞 — GitLab | 5.3 | Medium | 2022-03-28 |
Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.