
access:pre-auth — CVE vulnerabilities tagged (19644)

19644 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-40288 | TP-Link AX10 security vulnerability — n/a | 7.5 | - | 2021-12-07 |
| CVE-2021-22955 | Citrix Systems Application Delivery Management resource management error vulnerability — Citrix ADC, Citrix Gateway (CWE-400) | 7.5 | - | 2021-12-07 |
| CVE-2021-29116 | BUG-000142180 Hosted feature services vulnerable to stored XSS — ArcGIS Server (CWE-79) | 6.1 | - | 2021-12-07 |
| CVE-2021-29114 | SQL injection vulnerability in ArcGIS Server — ArcGIS Server (CWE-89) | 9.8 | - | 2021-12-07 |
| CVE-2021-29113 | Remote file inclusion vulnerability in ArcGIS Server help documentation — ArcGIS Server (CWE-98) | 4.7 | - | 2021-12-07 |
| CVE-2021-24943 | Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection — Registrations for the Events Calendar – Event Registration Plugin (CWE-89) | 9.8 | - | 2021-12-06 |
| CVE-2021-24931 | Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection — Secure Copy Content Protection and Content Locking (CWE-89) | 9.8 | - | 2021-12-06 |
| CVE-2021-24917 | WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header — WPS Hide Login (CWE-863) | 7.5 | - | 2021-12-06 |
| CVE-2021-43035 | Unitrends Backup SQL injection vulnerability — n/a | 9.8 | - | 2021-12-06 |
| CVE-2021-43042 | Unitrends Backup security vulnerability — n/a | 9.8 | - | 2021-12-06 |
| CVE-2021-23264 | Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search — Crafter CMS (CWE-402) | 8.1 | High | 2021-12-02 |
| CVE-2021-23263 | Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine — Crafter CMS (CWE-402) | 5.9 | Medium | 2021-12-02 |
| CVE-2021-20611 | Mitsubishi Electric MELSEC iQ-R series input validation error vulnerability — MELSEC iQ-R Series R00CPU (CWE-20) | 7.5 | High | 2021-12-01 |
| CVE-2021-20610 | Security vulnerability in multiple Mitsubishi Electric products — MELSEC iQ-R Series R00CPU (CWE-130) | 7.5 | High | 2021-12-01 |
| CVE-2021-20609 | Mitsubishi Electric MELSEC Q series resource management error vulnerability — MELSEC iQ-R Series R00CPU (CWE-400) | 7.5 | High | 2021-12-01 |
| CVE-2021-20864 | Elecom Edwrc security vulnerability — ELECOM routers | 8.1 | - | 2021-12-01 |
| CVE-2021-20862 | Elecom Edwrc access control error vulnerability — ELECOM routers | 8.1 | - | 2021-12-01 |
| CVE-2021-20851 | WordPress cross-site request forgery vulnerability — Browser and Operating System Finder | 8.8 | - | 2021-12-01 |
| CVE-2021-20847 | elecom lan cross-site scripting vulnerability — Wi-Fi STATION SH-52A | 6.1 | - | 2021-12-01 |
| CVE-2021-43358 | Sunnet eHRD - Path Traversal — eHRD (CWE-22) | 7.5 | High | 2021-12-01 |
| CVE-2021-36330 | Dell Emc Streaming Data Platform code issue vulnerability — Dell EMC Streaming Data Platform (CWE-613) | 8.1 | High | 2021-11-30 |
| CVE-2021-36327 | Dell EMC Streaming Data Platform code issue vulnerability — Dell EMC Streaming Data Platform (CWE-918) | 5.3 | Medium | 2021-11-30 |
| CVE-2021-36326 | Dell Emc Streaming Data Platform security vulnerability — Dell EMC Streaming Data Platform (CWE-757) | 6.5 | Medium | 2021-11-30 |
| CVE-2021-42544 | Lack of Rate limiting in Authentication in TopEase — TopEase (CWE-307) | 7.5 | High | 2021-11-30 |
| CVE-2021-42115 | Missing HTTPOnly flag on sensitive cookie in TopEase — TopEase (CWE-1004) | 8.1 | High | 2021-11-30 |
| CVE-2021-44427 | Rosario Student Information System SQL injection vulnerability — n/a | 9.8 | Critical | 2021-11-29 |
| CVE-2021-24915 | Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure — Contest Gallery – Photo Contest Plugin for WordPress (CWE-89) | 9.1 | - | 2021-11-29 |
| CVE-2021-44077 | ZOHO ManageEngine ServiceDesk Plus access control error vulnerability — n/a | 9.8 | - | 2021-11-29 |
| CVE-2021-36917 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability — Hide My WP (WordPress plugin) (CWE-284) | 6.5 | Medium | 2021-11-24 |
| CVE-2021-42783 | Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4 — DWR-932C E1 (CWE-306) | 9.8 | - | 2021-11-23 |

Vulnerabilities classified as access:pre-auth represent 19644 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.