Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19627

19627 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-25527 Samsung Pay 安全漏洞 — Samsung PayCWE-926 3.8 Low2021-12-08
CVE-2021-41013 Fortinet FortiWeb 安全漏洞 — Fortinet FortiWeb 5.3 Medium2021-12-08
CVE-2021-36190 Fortinet FortiWeb安全漏洞 — Fortinet FortiWeb 5.5 Medium2021-12-08
CVE-2021-41014 Fortinet FortiWeb 资源管理错误漏洞 — Fortinet FortiWeb 7.5 High2021-12-08
CVE-2021-26109 Fortinet FortiOS 输入验证错误漏洞 — Fortinet FortiOS 8.1 High2021-12-08
CVE-2021-41024 Fortinet FortiOS 路径遍历漏洞 — Fortinet FortiOS 7.5 High2021-12-08
CVE-2021-26103 Fortinet FortiProxy SSL VPN 数据伪造问题漏洞 — Fortinet FortiOS 6.3 Medium2021-12-08
CVE-2021-20045 SonicWall SMA100 安全漏洞 — SonicWall SMA100CWE-120 9.8 -2021-12-08
CVE-2021-20042 SonicWall SMA100 安全漏洞 — SonicWall SMA100CWE-441 9.3 -2021-12-08
CVE-2021-20041 SonicWall SMA100安全漏洞 — SonicWall SMA100CWE-835 7.5 -2021-12-08
CVE-2021-20040 Sonicwall SMA100 路径遍历漏洞 — SonicWall SMA100CWE-23 5.3 -2021-12-08
CVE-2021-20038 Sonicwall SMA100 缓冲区错误漏洞 — SonicWall SMA100CWE-121 9.8 -2021-12-08
CVE-2021-44529 Ivanti Endpoint Manager 代码注入漏洞 — Ivanti EPMCWE-94 9.8 -2021-12-08
CVE-2021-40288 TP-Link AX10安全漏洞 — n/a 7.5 -2021-12-07
CVE-2021-22955 Citrix Systems Application Delivery Management 资源管理错误漏洞 — Citrix ADC, Citrix GatewayCWE-400 7.5 -2021-12-07
CVE-2021-29116 BUG-000142180 Hosted feature services vulnerable to stored XSS — ArcGIS ServerCWE-79 6.1 -2021-12-07
CVE-2021-29114 SQL injection vulnerability in ArcGIS Server — ArcGIS ServerCWE-89 9.8 -2021-12-07
CVE-2021-29113 Remote file inclusion vulnerability in ArcGIS Server help documentation — ArcGIS ServerCWE-98 4.7 -2021-12-07
CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection — Registrations for the Events Calendar – Event Registration PluginCWE-89 9.8 -2021-12-06
CVE-2021-24931 Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection — Secure Copy Content Protection and Content LockingCWE-89 9.8 -2021-12-06
CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header — WPS Hide LoginCWE-863 7.5 -2021-12-06
CVE-2021-43035 Unitrends Backup SQL注入漏洞 — n/a 9.8 -2021-12-06
CVE-2021-43042 Unitrends Backup 安全漏洞 — n/a 9.8 -2021-12-06
CVE-2021-23264 Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search — Crafter CMSCWE-402 8.1 High2021-12-02
CVE-2021-23263 Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine — Crafter CMSCWE-402 5.9 Medium2021-12-02
CVE-2021-20611 Mitsubishi Electric MELSEC iQ-R series 输入验证错误漏洞 — MELSEC iQ-R Series R00CPUCWE-20 7.5 High2021-12-01
CVE-2021-20610 多款Mitsubishi Electric产品安全漏洞 — MELSEC iQ-R Series R00CPUCWE-130 7.5 High2021-12-01
CVE-2021-20609 Mitsubishi Electric MELSEC Q series 资源管理错误漏洞 — MELSEC iQ-R Series R00CPUCWE-400 7.5 High2021-12-01
CVE-2021-20864 Elecom Edwrc 安全漏洞 — ELECOM routers 8.1 -2021-12-01
CVE-2021-20862 Elecom Edwrc 访问控制错误漏洞 — ELECOM routers 8.1 -2021-12-01

Vulnerabilities classified as access:pre-auth represent 19627 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.