access:pre-auth — CVE vulnerabilities tagged 19626

19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-10137 | Silicon Labs 700 data forgery vulnerability — UZB-7 CWE-345 | 6.5 | - | 2022-01-09 |
| CVE-2022-21667 | Denial of Service in soketi — soketi CWE-755 | 7.5 | High | 2022-01-07 |
| CVE-2021-42392 | H2database code issue vulnerability — h2 CWE-502 | 9.8 | - | 2022-01-07 |
| CVE-2021-27738 | Improper Access Control to Streaming Coordinator & SSRF — Apache Kylin CWE-918 | 7.5 | - | 2022-01-06 |
| CVE-2021-31589 | BeyondTrust Remote Support cross-site scripting vulnerability — n/a | 6.1 | - | 2022-01-05 |
| CVE-2021-43832 | Improper Access Control in spinnaker — spinnaker CWE-306 | 10.0 | Critical | 2022-01-04 |
| CVE-2021-45912 | Controlup Real-Time Agent OS command injection vulnerability — n/a | 6.7 | - | 2022-01-04 |
| CVE-2021-43711 | TotoLink Ex200 command injection vulnerability — n/a | 9.8 | - | 2022-01-04 |
| CVE-2021-20147 | ZOHO ManageEngine ADSelfService Plus information disclosure vulnerability — ManageEngine ADSelfService Plus | 5.3 | - | 2022-01-03 |
| CVE-2021-24973 | Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting — Site Reviews CWE-79 | 6.1 | - | 2022-01-03 |
| CVE-2021-24964 | LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS — LiteSpeed Cache CWE-79 | 6.1 | - | 2022-01-03 |
| CVE-2021-24893 | Stars Rating < 3.5.1 - Comments Denial of Service — Stars Rating CWE-400 | 8.2 | - | 2022-01-03 |
| CVE-2021-24831 | Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls — Tab – Accordion, FAQ CWE-862 | 7.5 | - | 2022-01-03 |
| CVE-2021-25994 | Userfrosting - Host-Header Injection Leads to Account Takeover — userfrosting CWE-74 | 8.8 | High | 2022-01-03 |
| CVE-2021-23147 | Netgear Nighthawk R6700 authorization issue vulnerability — Netgear Nighthawk R6700 | 6.8 | - | 2021-12-30 |
| CVE-2021-20157 | Trendnet AC2600 security vulnerability — Trendnet AC2600 TEW-827DRU | 7.5 | - | 2021-12-30 |
| CVE-2021-20158 | Trendnet AC2600 access control error vulnerability — Trendnet AC2600 TEW-827DRU | 9.8 | - | 2021-12-30 |
| CVE-2021-20134 | D-Link DIR-2640 path traversal vulnerability — Quagga Services on D-Link DIR-2640 Routers | 9.1 | - | 2021-12-30 |
| CVE-2021-45427 | Emerson XWEB 300D EVO path traversal vulnerability — n/a | 9.1 | - | 2021-12-30 |
| CVE-2021-44161 | Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection — MOTP(Mobile One Time Password) CWE-89 | 8.8 | High | 2021-12-29 |
| CVE-2021-44160 | Carinal Tien Hospital Health Report System - Authorization Bypass Through User-Controlled Key — Health Report System CWE-639 | 7.3 | High | 2021-12-29 |
| CVE-2021-45790 | MeterSphere code issue vulnerability — n/a | 9.8 | - | 2021-12-27 |
| CVE-2021-24967 | Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting — Contact Form & Lead Form Elementor Builder CWE-79 | 6.1 | - | 2021-12-27 |
| CVE-2021-24797 | Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting — Tickera – WordPress Event Ticketing CWE-79 | 6.1 | - | 2021-12-27 |
| CVE-2021-45513 | Netgear NETGEAR command injection vulnerability — n/a | 9.6 | Critical | 2021-12-26 |
| CVE-2021-45514 | Netgear NETGEAR command injection vulnerability — n/a | 9.6 | Critical | 2021-12-26 |
| CVE-2021-45573 | Netgear NETGEAR buffer error vulnerability — n/a | 8.3 | High | 2021-12-26 |
| CVE-2021-45608 | Netgear NETGEAR input validation error vulnerability — n/a | 6.5 | Medium | 2021-12-26 |
| CVE-2021-45609 | Netgear NETGEAR security vulnerability — n/a | 9.6 | Critical | 2021-12-26 |
| CVE-2021-45610 | Netgear NETGEAR security vulnerability — n/a | 9.6 | Critical | 2021-12-26 |

Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.