access:pre-auth — 19627 tagged CVE vulnerabilities

19627 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-20874 | Japan Total System GroupSession input validation error vulnerability | GroupSession Free edition, GroupSession byCloud, GroupSession ZION | - | 7.5 | - | 2021-12-24 |
| CVE-2021-27007 | NetApp Virtual Desktop Service security vulnerability | NetApp Virtual Desktop Service (VDS) | - | 9.8 | - | 2021-12-23 |
| CVE-2021-43985 | mySCADA myPRO | myPRO | CWE-288 | 9.1 | Critical | 2021-12-23 |
| CVE-2021-20049 | Sonicwall SMA100 information disclosure vulnerability | SonicWall SMA100 | CWE-204 | 7.5 | - | 2021-12-23 |
| CVE-2021-31558 | Delta Electronics DIAEnergie (Update A) | DIAEnergie | CWE-79 | 6.5 | Medium | 2021-12-22 |
| CVE-2021-44471 | Delta Electronics DIAEnergie (Update A) | DIAEnergie | CWE-79 | 7.5 | High | 2021-12-22 |
| CVE-2021-36885 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | Contact Form 7 Database Addon – CFDB7 (WordPress plugin) | CWE-79 | 6.1 | Medium | 2021-12-22 |
| CVE-2021-40612 | Opmantek Open-AudIT security vulnerability | n/a | - | 9.8 | - | 2021-12-22 |
| CVE-2021-36350 | Dell Technologies Dell PowerScale OneFS authorization issue vulnerability | PowerScale OneFS | - | 5.9 | Medium | 2021-12-21 |
| CVE-2021-36336 | Dell Wyse Management Suite code issue vulnerability | Wyse Management Suite | CWE-502 | 9.8 | Critical | 2021-12-21 |
| CVE-2021-44877 | Dalmark Systems Systeam security vulnerability | n/a | - | 7.5 | - | 2021-12-21 |
| CVE-2021-24849 | WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection | WCFM Marketplace – Best Multivendor Marketplace for WooCommerce | CWE-89 | 9.8 | - | 2021-12-21 |
| CVE-2021-43750 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | Premiere Rush | CWE-476 | 5.5 | Medium | 2021-12-20 |
| CVE-2021-43749 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | Premiere Rush | CWE-476 | 5.5 | Medium | 2021-12-20 |
| CVE-2021-43748 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | Premiere Rush | CWE-476 | 5.5 | Medium | 2021-12-20 |
| CVE-2021-44525 | ZOHO ManageEngine Log360 authorization issue vulnerability | n/a | - | 9.8 | - | 2021-12-20 |
| CVE-2021-44675 | ZOHO ManageEngine ServiceDesk Plus authorization issue vulnerability | n/a | - | 9.8 | - | 2021-12-20 |
| CVE-2021-44164 | Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload | ai chatbot system | CWE-434 | 9.8 | Critical | 2021-12-20 |
| CVE-2021-44163 | Chain Sea Information Integration Co., Ltd ai chatbot system - Reflected XSS | ai chatbot system | CWE-79 | 6.1 | Medium | 2021-12-20 |
| CVE-2021-44162 | Chain Sea Information Integration Co., Ltd ai chatbot system - Path Traversal | ai chatbot system | CWE-22 | 7.5 | High | 2021-12-20 |
| CVE-2021-44159 | 4MOSAn GCB Doctor - Unrestricted Upload of File | GCB Doctor | CWE-434 | 9.8 | Critical | 2021-12-20 |
| CVE-2021-20608 | Mitsubishi Electric GX Works2 security vulnerability | GX Works2 | - | 7.5 | - | 2021-12-17 |
| CVE-2021-22054 | Vmware Workspace One code issue vulnerability | VMware Workspace ONE UEM console | - | 7.5 | - | 2021-12-17 |
| CVE-2021-41451 | Tp-link TP-Link AX10 environment issue vulnerability | n/a | - | - | - | 2021-12-17 |
| CVE-2021-36779 | Host operations allowed in privileged Longhorn managed pods | Longhorn | CWE-306 | 9.6 | Critical | 2021-12-17 |
| CVE-2021-41028 | Fortinet FortiClient trust management issue vulnerability | Fortinet FortiClientEMS, FortiClientWindows, FortiClientLinux, FortiClientMac | - | 8.2 | High | 2021-12-16 |
| CVE-2020-18984 | Zimbra cross-site scripting vulnerability | n/a | - | 6.1 | - | 2021-12-15 |
| CVE-2021-36888 | WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise | Image Hover Effects Ultimate (WordPress plugin) | CWE-284 | 9.8 | Critical | 2021-12-15 |
| CVE-2021-27857 | FatPipe software allows unauthenticated configuration download | WARP | CWE-862 | 7.5 | High | 2021-12-15 |
| CVE-2021-4073 | RegistrationMagic <= 5.0.1.7 Authentication Bypass | RegistrationMagic | CWE-287 | 9.8 | Critical | 2021-12-14 |

Vulnerabilities classified as access:pre-auth represent 19627 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.