Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19542

19542 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-24573 Element-IT HTTP Commander 跨站脚本漏洞 — n/a 6.1 -2022-03-03
CVE-2021-41003 Aruba AOS-CX 跨站脚本漏洞 — Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series 9.6 -2022-03-02
CVE-2021-32586 Fortinet FortiMail 输入验证错误漏洞 — Fortinet FortiMail 7.7 High2022-03-01
CVE-2021-36171 Fortinet FortiPortal 安全特征问题漏洞 — Fortinet FortiPortal 8.1 High2022-03-01
CVE-2022-22262 ASUS Armoury Crate & Aura Creator Installer之ROG Live Service - Improper Link Resolution Before File Access — Armoury Crate & Aura Creator Installer (ROG Live Service)CWE-59 7.7 High2022-03-01
CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection — citizen certificate client-side componentCWE-78 9.8 Critical2022-03-01
CVE-2020-22845 Mikrotik RouterOS 安全漏洞 — n/a 7.5 -2022-02-28
CVE-2020-22844 Mikrotik RouterOS 安全漏洞 — n/a 7.5 -2022-02-28
CVE-2022-23988 WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting — WS Form LITE – Drag & Drop Contact Form Builder for WordPressCWE-79 6.1 -2022-02-28
CVE-2022-0412 TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection — TI WooCommerce WishlistCWE-89 9.8 -2022-02-28
CVE-2022-0385 Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS — Crazy BoneCWE-79 6.1 -2022-02-28
CVE-2021-24994 WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting — Migration, Backup, Staging – WPvivid Backup and Migration PluginCWE-79 6.1 -2022-02-28
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending — Use Any Font | Custom Font UploaderCWE-862 6.1 -2022-02-28
CVE-2021-24688 Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion — Orange FormCWE-284 4.3 -2022-02-28
CVE-2022-26159 Ametys Cms 信息泄露漏洞 — n/a 7.5 -2022-02-28
CVE-2022-25359 Industrial Control Links Icl ScadaFlex II Scada Controllers 访问控制错误漏洞 — n/a 9.1 -2022-02-26
CVE-2022-25095 Home Owners Collection Management System 安全漏洞 — n/a 9.8 -2022-02-25
CVE-2022-24336 JetBrains TeamCity 授权问题漏洞 — n/a 5.3 -2022-02-25
CVE-2022-25149 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2022-0651 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_type — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2020-14502 Rockwell Automation 1734-AENTR 跨站脚本漏洞 — 1734-AENTRCWE-79 6.1 -2022-02-24
CVE-2020-14504 Rockwell Automation 1734-AENTR 授权问题漏洞 — 1734-AENTRCWE-284 7.5 -2022-02-24
CVE-2022-22794 Cybonet - PineApp Mail Relay Unauthenticated Sql Injection — Pineapp Mail Relay 6.8 Medium2022-02-24
CVE-2022-25355 EC-CUBE 安全漏洞 — EC-CUBE 3 series and EC-CUBE 4 series 5.3 -2022-02-24
CVE-2022-24435 PhpUploader 跨站脚本漏洞 — phpUploader 6.1 -2022-02-24
CVE-2022-23986 PhpUploader SQL注入漏洞 — phpUploader 7.5 -2022-02-24
CVE-2022-21179 Ec-cube 跨站请求伪造漏洞 — EC-CUBE plugin 'Mail Magazine Management Plugin' 7.1 -2022-02-24
CVE-2022-21142 Appleple a-blog cms 授权问题漏洞 — a-blog cms 9.8 -2022-02-24
CVE-2021-26092 Fortinet FortiGate 跨站脚本漏洞 — Fortinet FortiOS, FortiProxy 4.7 Medium2022-02-24
CVE-2022-25329 Trend Micro ServerProtect信任管理问题漏洞 — Trend Micro ServerProtect for Storage 9.8 -2022-02-24

Vulnerabilities classified as access:pre-auth represent 19542 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.