access:pre-auth — CVE vulnerabilities tagged: 19626

19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25093 | Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion — Link Library [CWE-862] | 7.5 | - | 2022-02-01 |
| CVE-2021-24975 | NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS — NextScripts: Social Networks Auto-Poster [CWE-79] | 6.1 | - | 2022-02-01 |
| CVE-2021-24775 | Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure — n/a | 5.3 | - | 2022-02-01 |
| CVE-2021-24814 | WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting — n/a | 9.6 | - | 2022-02-01 |
| CVE-2021-24762 | Perfect Survey < 1.5.2 - Unauthenticated SQL Injection — Perfect Survey [CWE-89] | 9.8 | - | 2022-02-01 |
| CVE-2021-24763 | Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update — n/a | 5.4 | - | 2022-02-01 |
| CVE-2021-42635 | PrinterLogic Web Stack Trust Management Issue Vulnerability — n/a | 8.1 | - | 2022-01-31 |
| CVE-2021-42631 | PrinterLogic Web Stack Code Issue Vulnerability — n/a | 8.1 | - | 2022-01-31 |
| CVE-2021-41608 | ClassApps SelectSurvey.NET Security Vulnerability — n/a | 7.5 | - | 2022-01-28 |
| CVE-2021-41609 | ClassApps SelectSurvey.NET SQL Injection Vulnerability — n/a | 9.8 | - | 2022-01-28 |
| CVE-2016-3735 | Piwigo Security Vulnerability — Piwigo [CWE-335] | 8.1 | - | 2022-01-28 |
| CVE-2021-44692 | BuddyBoss Platform Information Disclosure Vulnerability — n/a | 5.3 | - | 2022-01-26 |
| CVE-2021-41766 | Insecure Java Deserialization in Apache Karaf — Apache Karaf | 8.1 | - | 2022-01-26 |
| CVE-2022-23968 | Xerox VersaLink Security Vulnerability — n/a | 7.5 | - | 2022-01-26 |
| CVE-2021-36346 | Dell EMC iDRAC Security Vulnerability — Integrated Dell Remote Access Controller (iDRAC) [CWE-287] | 5.3 | - | 2022-01-25 |
| CVE-2021-36294 | Dell Vnx2 Oe For File Security Features Issue Vulnerability — VNX Control Station [CWE-331] | 9.8 | Critical | 2022-01-25 |
| CVE-2021-43298 | Embedthis Software GoAhead Security Vulnerability — goahead [CWE-208] | 9.1 | - | 2022-01-25 |
| CVE-2022-23944 | Apache ShenYu 2.4.1 Improper access control — Apache ShenYu (incubating) [CWE-862] | 9.1 | - | 2022-01-25 |
| CVE-2021-43588 | Dell Emc Data Protection Central Input Validation Error Vulnerability — Data Protection Central [CWE-20] | 4.3 | Medium | 2022-01-24 |
| CVE-2020-17383 | Telos Alliance Telos Z/Ip One Path Traversal Vulnerability — n/a | 9.8 | - | 2022-01-24 |
| CVE-2021-25080 | Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting — Contact Form Entries – Contact Form 7, WPforms and more [CWE-79] | 6.1 | - | 2022-01-24 |
| CVE-2021-25078 | Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting — Affiliates Manager [CWE-79] | 6.1 | - | 2022-01-24 |
| CVE-2021-24906 | Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation — Protect WP Admin [CWE-862] | 7.5 | - | 2022-01-24 |
| CVE-2022-23855 | Saviynt Enterprise Identity Cloud Authorization Issue Vulnerability — n/a | 9.8 | - | 2022-01-24 |
| CVE-2021-46024 | online-shopping-webvsite-in-php SQL Injection Vulnerability — n/a | 9.8 | - | 2022-01-23 |
| CVE-2022-22553 | DELL EMC AppSync Security Vulnerability — AppSync [CWE-307] | 8.1 | High | 2022-01-21 |
| CVE-2022-22552 | DELL EMC AppSync Security Vulnerability — AppSync [CWE-1021] | 6.9 | Medium | 2022-01-21 |
| CVE-2022-22551 | DELL EMC AppSync Authorization Issue Vulnerability — AppSync [CWE-598] | 8.3 | High | 2022-01-21 |
| CVE-2021-43355 | Fresenius Kabi Agilia Connect Infusion System use of client side authentication — Vigilant Software Suite (Mastermed Dashboard) [CWE-603] | 7.3 | High | 2022-01-21 |
| CVE-2021-33843 | Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties — Agilia Connect WiFi [CWE-552] | 5.3 | Medium | 2022-01-21 |

Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.