Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19644

19644 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-43749 Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service — Premiere RushCWE-476 5.5 Medium2021-12-20
CVE-2021-43748 Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service — Premiere RushCWE-476 5.5 Medium2021-12-20
CVE-2021-44525 ZOHO ManageEngine Log360 授权问题漏洞 — n/a 9.8 -2021-12-20
CVE-2021-44675 ZOHO ManageEngine ServiceDesk Plus 授权问题漏洞 — n/a 9.8 -2021-12-20
CVE-2021-44164 Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload — ai chatbot systemCWE-434 9.8 Critical2021-12-20
CVE-2021-44163 Chain Sea Information Integration Co., Ltd ai chatbot system - Reflected XSS — ai chatbot systemCWE-79 6.1 Medium2021-12-20
CVE-2021-44162 Chain Sea Information Integration Co., Ltd ai chatbot system - Path Traversal — ai chatbot systemCWE-22 7.5 High2021-12-20
CVE-2021-44159 4MOSAn GCB Doctor - Unrestricted Upload of File — GCB DoctorCWE-434 9.8 Critical2021-12-20
CVE-2021-20608 Mitsubishi Electric GX Works2 安全漏洞 — GX Works2 7.5 -2021-12-17
CVE-2021-22054 Vmware Workspace One 代码问题漏洞 — VMware Workspace ONE UEM console 7.5 -2021-12-17
CVE-2021-41451 Tp-link TP-Link AX10 环境问题漏洞 — n/a--2021-12-17
CVE-2021-36779 Host operations allowed in privileged Longhorn managed pods — LonghornCWE-306 9.6 Critical2021-12-17
CVE-2021-41028 Fortinet FortiClient 信任管理问题漏洞 — Fortinet FortiClientEMS, FortiClientWindows, FortiClientLinux, FortiClientMac 8.2 High2021-12-16
CVE-2020-18984 Zimbra 跨站脚本漏洞 — n/a 6.1 -2021-12-15
CVE-2021-36888 WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise — Image Hover Effects Ultimate (WordPress plugin)CWE-284 9.8 Critical2021-12-15
CVE-2021-27857 FatPipe software allows unauthenticated configuration download — WARPCWE-862 7.5 High2021-12-15
CVE-2021-4073 RegistrationMagic <= 5.0.1.7 Authentication Bypass — RegistrationMagicCWE-287 9.8 Critical2021-12-14
CVE-2021-44524 Siemens SiPass Integrated和Siveillance Identity 授权问题漏洞 — SiPass integrated V2.76CWE-668 9.1 -2021-12-14
CVE-2021-44523 Siemens SiPass Integrated和Siveillance Identity 安全漏洞 — SiPass integrated V2.76CWE-668 9.1 -2021-12-14
CVE-2021-44522 Siemens SiPass Integrated和Siveillance Identity 安全漏洞 — SiPass integrated V2.76CWE-668 7.5 -2021-12-14
CVE-2021-42548 reflected XSS in search functionality of WP Cloud Plugins - Share-one-Drive — Share-one-DriveCWE-79 4.7 Medium2021-12-13
CVE-2021-42549 reflected XSS in search functionality of WP Cloud Plugins - Lets-Box — Lets-BoxCWE-79 4.7 Medium2021-12-13
CVE-2021-42547 reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box — Out-of-the-BoxCWE-79 4.7 Medium2021-12-13
CVE-2021-42546 Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive — Use-Your-DriveCWE-79 4.7 Medium2021-12-13
CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection — Modern Events Calendar LiteCWE-89 9.8 -2021-12-13
CVE-2021-24925 Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting — Modern Events Calendar LiteCWE-79 6.1 -2021-12-13
CVE-2021-24792 Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting — Shiny Buttons – CSS3 Button Generator for WordPressCWE-79 5.4 -2021-12-13
CVE-2021-24756 WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting — WP System LogCWE-79 6.1 -2021-12-13
CVE-2021-44152 Reprise Software Reprise License Manager 访问控制错误漏洞 — n/a 9.1 -2021-12-13
CVE-2021-37934 Huntflow Enterprise 权限许可和访问控制问题漏洞 — n/a 7.5 -2021-12-10

Vulnerabilities classified as access:pre-auth represent 19644 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.