19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-23233 | Fresenius Kabi Agilia Connect Infusion System — Agilia Link+CWE-284 | 7.3 | High | 2022-01-21 |
| CVE-2022-23128 | Mitsubishi Electric MC Works64 安全漏洞 — Mitsubishi Electric MC Works64; ICONICS GENESIS64; ICONICS Hyper Historian; ICONICS AnalytiX; ICONICS MobileHMI | 9.8 | - | 2022-01-21 |
| CVE-2022-23127 | Mitsubishi Electric MC Works64 跨站脚本漏洞 — Mitsubishi Electric MC Works64; ICONICS MobileHMI | 6.1 | - | 2022-01-21 |
| CVE-2021-44593 | Sourcecodester Simple College Website SQL注入漏洞 — n/a | 9.8 | - | 2022-01-21 |
| CVE-2021-44736 | Lexmark 授权问题漏洞 — n/a | 9.1 | - | 2022-01-20 |
| CVE-2021-26247 | Cacti 跨站脚本漏洞 — CactiCWE-79 | 6.1 | - | 2022-01-19 |
| CVE-2022-21390 | Oracle Communications Applications 输入验证错误漏洞 — Communications Billing and Revenue Management | 10.0 | Critical | 2022-01-19 |
| CVE-2022-21389 | Oracle Communications Applications 输入验证错误漏洞 — Communications Billing and Revenue Management | 10.0 | Critical | 2022-01-19 |
| CVE-2022-21387 | Oracle Commerce 输入验证错误漏洞 — Commerce Platform | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21386 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21377 | Oracle Construction and Engineering Suite 输入验证错误漏洞 — Primavera Portfolio Management | 5.4 | Medium | 2022-01-19 |
| CVE-2022-21376 | Oracle Construction and Engineering Suite 输入验证错误漏洞 — Primavera Portfolio Management | 5.4 | Medium | 2022-01-19 |
| CVE-2022-21373 | Oracle E-Business Suite 安全漏洞 — Partner Management | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21371 | Oracle WebLogic Server 路径遍历漏洞 — WebLogic Server | 7.5 | High | 2022-01-19 |
| CVE-2022-21369 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 — PeopleSoft Enterprise PT PeopleTools | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21366 | Oracle Java SE和Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21365 | Oracle Java SE和Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21364 | Oracle PeopleSoft Enterprise PeopleTools 访问控制错误漏洞 — PeopleSoft Enterprise PT PeopleTools | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21361 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21360 | Oracle Java SE和Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21359 | Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 — PeopleSoft Enterprise PT PeopleTools | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21354 | Oracle E-Business Suite 安全漏洞 — iStore | 6.1 | Medium | 2022-01-19 |
| CVE-2022-21353 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 6.5 | Medium | 2022-01-19 |
| CVE-2022-21350 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 6.5 | Medium | 2022-01-19 |
| CVE-2022-21349 | Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21347 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 6.5 | Medium | 2022-01-19 |
| CVE-2022-21346 | Oracle BI Publisher 输入验证错误漏洞 — BI Publisher (formerly XML Publisher) | 7.5 | High | 2022-01-19 |
| CVE-2022-21341 | Oracle Java SE和Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21340 | Oracle Java SE 和Oracle GraalVM 输入验证错误漏洞 — Java SE JDK and JRE | 5.3 | Medium | 2022-01-19 |
| CVE-2022-21306 | Oracle WebLogic Server 输入验证错误漏洞 — WebLogic Server | 9.8 | Critical | 2022-01-19 |
Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.