Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19534

19534 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-4045 TP-LINK Tapo C200 remote code execution vulnerability — Tapo C200CWE-77 9.8 Critical2022-03-07
CVE-2022-25219 Phicomm 多款产品安全漏洞 — Phicomm Routers 6.7 -2022-03-07
CVE-2022-24644 ZZ Inc. KeyMouse Windows 安全漏洞 — n/a 9.8 -2022-03-07
CVE-2022-25213 Phicomm 多款产品信任管理问题漏洞 — Phicomm Routers 6.8 -2022-03-07
CVE-2022-25215 Phicomm多款产品安全漏洞 — Phicomm Routers 5.3 -2022-03-07
CVE-2022-25218 多款PHICOMM产品加密问题漏洞 — Phicomm Routers 8.1 -2022-03-07
CVE-2022-25217 Phicomm 多款产品信任管理问题漏洞 — Phicomm Routers 7.8 -2022-03-07
CVE-2022-25214 Phicomm多款产品安全漏洞 — Phicomm Routers 7.4 -2022-03-07
CVE-2022-21170 Digital Arts i-FILTER 信任管理问题漏洞 — i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER 7.4 -2022-03-07
CVE-2022-0441 MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation — MasterStudy LMS – WordPress LMS PluginCWE-269 9.8 -2022-03-07
CVE-2022-0434 Page Views Count < 2.4.15 - Unauthenticated SQL Injection — Page View CountCWE-89 9.8 -2022-03-07
CVE-2022-0429 WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting — WP Cerber Security, Anti-spam & Malware ScanCWE-79 6.1 -2022-03-07
CVE-2022-0349 NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection — NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With ElementorCWE-89 9.8 -2022-03-07
CVE-2021-25087 Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure — Download ManagerCWE-862 7.5 -2022-03-07
CVE-2021-40376 otris Update Manager 授权问题漏洞 — n/a 7.8 -2022-03-07
CVE-2021-46704 GenieACS 操作系统命令注入漏洞 — n/a 9.8 -2022-03-06
CVE-2021-46384 MingSoft MCMS 访问控制错误漏洞 — n/a 9.8 -2022-03-04
CVE-2021-46353 D-Link Dir-X1860 安全漏洞 — n/a 5.3 -2022-03-04
CVE-2022-26318 WatchGuard Firebox 安全漏洞 — n/a 9.8 -2022-03-04
CVE-2021-46382 NETGEAR WAC120 跨站脚本漏洞 — n/a 6.1 -2022-03-04
CVE-2021-46378 D-Link DIR850 ET850-1.08TRb03 安全漏洞 — n/a 7.5 -2022-03-04
CVE-2020-18326 Subrion CMS 跨站请求伪造漏洞 — n/a 8.8 -2022-03-04
CVE-2022-24573 Element-IT HTTP Commander 跨站脚本漏洞 — n/a 6.1 -2022-03-03
CVE-2021-41003 Aruba AOS-CX 跨站脚本漏洞 — Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series 9.6 -2022-03-02
CVE-2021-32586 Fortinet FortiMail 输入验证错误漏洞 — Fortinet FortiMail 7.7 High2022-03-01
CVE-2021-36171 Fortinet FortiPortal 安全特征问题漏洞 — Fortinet FortiPortal 8.1 High2022-03-01
CVE-2022-22262 ASUS Armoury Crate & Aura Creator Installer之ROG Live Service - Improper Link Resolution Before File Access — Armoury Crate & Aura Creator Installer (ROG Live Service)CWE-59 7.7 High2022-03-01
CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection — citizen certificate client-side componentCWE-78 9.8 Critical2022-03-01
CVE-2020-22845 Mikrotik RouterOS 安全漏洞 — n/a 7.5 -2022-02-28
CVE-2020-22844 Mikrotik RouterOS 安全漏洞 — n/a 7.5 -2022-02-28

Vulnerabilities classified as access:pre-auth represent 19534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.