19542 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-43952 | Atlassian Jira 跨站请求伪造漏洞 — Jira Server | 4.3 | - | 2022-02-15 |
| CVE-2021-4201 | Pre-authentication session hijacking — Access ManagementCWE-284 | 9.6 | Critical | 2022-02-14 |
| CVE-2021-45310 | Sangoma Technologies Corporation Switchvox 信息泄露漏洞 — n/a | 7.5 | - | 2022-02-14 |
| CVE-2022-0214 | Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service — Popup | Custom Popup Builder | 7.5 | - | 2022-02-14 |
| CVE-2022-0212 | SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting — SpiderCalendarCWE-79 | 6.1 | - | 2022-02-14 |
| CVE-2021-25115 | WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS) — WP Photo Album PlusCWE-79 | 5.4 | - | 2022-02-14 |
| CVE-2021-25107 | Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting — Form Store to DBCWE-79 | 6.1 | - | 2022-02-14 |
| CVE-2022-24977 | ImpressCMS 安全漏洞 — n/a | 9.8 | - | 2022-02-13 |
| CVE-2021-31932 | Nokia BTS TRS web console 安全漏洞 — n/a | 9.8 | - | 2022-02-11 |
| CVE-2021-44850 | Xilinx Zynq-7000 数据伪造问题漏洞 — n/a | 6.8 | - | 2022-02-10 |
| CVE-2022-20738 | Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability — Cisco Umbrella Insights Virtual ApplianceCWE-693 | 5.8 | Medium | 2022-02-10 |
| CVE-2021-41445 | D-Link DIR-X1860 跨站脚本漏洞 — n/a | 6.1 | - | 2022-02-10 |
| CVE-2022-24111 | Catalyst IT Mahara 访问控制错误漏洞 — n/a | 4.3 | - | 2022-02-10 |
| CVE-2022-22536 | SAP多个产品环境问题漏洞 — SAP NetWeaver and ABAP PlatformCWE-444 | 9.8 | - | 2022-02-09 |
| CVE-2022-22534 | SAP Netweaver 跨站脚本漏洞 — SAP NetWeaver (ABAP and Java application Servers) | 6.1 | - | 2022-02-09 |
| CVE-2022-22532 | SAP多个产品环境问题漏洞 — SAP NetWeaver Application Server JavaCWE-444 | 9.8 | - | 2022-02-09 |
| CVE-2022-21205 | Intel Quartus Prime Pro 代码问题漏洞 — Intel(R) Quartus(R) Prime Pro Edition | 7.5 | - | 2022-02-09 |
| CVE-2021-33110 | Intel Wireless Bluetooth 和 Killer Bluetooth 输入验证错误漏洞 — Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-33113 | Intel PROSet/Wireless WiFi Software 输入验证错误漏洞 — Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 | 8.1 | - | 2022-02-09 |
| CVE-2021-33115 | Intel PROSet/Wireless WiFi Software 输入验证错误漏洞 — Intel(R) PROSet/Wireless WiFi in UEFI | 8.8 | - | 2022-02-09 |
| CVE-2021-33107 | Intel 多款产品安全漏洞 — Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx | 4.6 | - | 2022-02-09 |
| CVE-2021-0178 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0183 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0177 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0179 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0174 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0175 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0172 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0173 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
| CVE-2021-0165 | Intel 多款产品输入验证错误漏洞 — Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 | 6.5 | - | 2022-02-09 |
Vulnerabilities classified as access:pre-auth represent 19542 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.