Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19626

19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-20698 Clam AntiVirus (ClamAV) Denial of Service Vulnerability — ClamAVCWE-20 7.5 High2022-01-14
CVE-2022-20639 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20638 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20637 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20636 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20635 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20660 Cisco IP Phones Information Disclosure Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-312 4.6 Medium2022-01-14
CVE-2022-20647 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20646 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20645 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20644 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20643 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20642 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20641 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-20640 Cisco Security Manager Cross-Site Scripting Vulnerabilities — Cisco Security ManagerCWE-79 6.1 Medium2022-01-14
CVE-2022-22056 Le-yan Co., Ltd. dental management system - Hard-coded Credentials — Dental Management SystemCWE-798 9.8 Critical2022-01-14
CVE-2022-22055 Le-yan Co., Ltd. dental management system - SQL Injection — Dental Management SystemCWE-89 9.8 Critical2022-01-14
CVE-2022-22054 ASUS RT-AX56U - Path Traversal — RT-AX56UCWE-22 6.5 Medium2022-01-14
CVE-2022-22989 Pre-authenticated stack overflow vulnerability on FTP Service — My CloudCWE-121 9.8 Critical2022-01-13
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists — FrontendCWE-284 3.7 Low2022-01-13
CVE-2022-23131 Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML — FrontendCWE-290 9.1 Critical2022-01-13
CVE-2021-42558 Caldera 跨站脚本漏洞 — n/a 6.1 -2022-01-12
CVE-2021-1573 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability — Cisco Adaptive Security Appliance SoftwareCWE-121 8.6 High2022-01-11
CVE-2021-34704 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability — Cisco Adaptive Security Appliance SoftwareCWE-121 8.6 High2022-01-11
CVE-2021-43053 TIBCO FTL Secret Exposure Vulnerability — TIBCO FTL - Community Edition 8.5 High2022-01-11
CVE-2021-45034 Siemens SICAM A8000 CP-8000 日志信息泄露漏洞 — CP-8000 MASTER MODULE WITH I/O -25/+70°CCWE-284 6.5 -2022-01-11
CVE-2021-41769 Siemens SIPROTEC 5 输入验证错误漏洞 — SIPROTEC 5 6MD85 devices (CPU variant CP300)CWE-20--2022-01-11
CVE-2021-24948 The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure — The Plus Addons for Elementor - ProCWE-200 7.5 -2022-01-10
CVE-2022-22114 Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality — docsCWE-79 9.6 Critical2022-01-10
CVE-2021-25032 PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise — PublishPress Capabilities – User Role Access, Editor Permissions, Admin MenusCWE-352 9.8 -2022-01-10

Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.