Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19626

19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-34684 Hitachi Vantara Pentaho SQL注入漏洞 — n/a 9.8 Critical2021-11-08
CVE-2021-31602 Hitachi Vantara Pentaho 授权问题漏洞 — n/a 5.3 Medium2021-11-08
CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion — WP DSGVO Tools (GDPR)CWE-284 7.5 High2021-11-05
CVE-2021-25505 Samsung Pass 授权问题漏洞 — Samsung PassCWE-287 3.3 Low2021-11-05
CVE-2021-1500 Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability — Cisco Webex Video MeshCWE-601 5.4 Medium2021-11-04
CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability — Cisco Small Business Smart and Managed SwitchesCWE-613 8.1 High2021-11-04
CVE-2021-34741 Cisco Email Security Appliance Denial of Service Vulnerability — Cisco Email Security Appliance (ESA)CWE-770 7.5 High2021-11-04
CVE-2021-40119 Cisco Policy Suite Static SSH Keys Vulnerability — Cisco Policy Suite (CPS) SoftwareCWE-321 9.8 Critical2021-11-04
CVE-2021-40115 Cisco Webex Video Mesh Cross-Site Scripting Vulnerability — Cisco Webex Video MeshCWE-79 6.1 Medium2021-11-04
CVE-2021-40113 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities — Cisco Catalyst PON SeriesCWE-284 10.0 Critical2021-11-04
CVE-2021-40112 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities — Cisco Catalyst PON SeriesCWE-284 10.0 Critical2021-11-04
CVE-2021-34795 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities — Cisco Catalyst PON SeriesCWE-284 10.0 Critical2021-11-04
CVE-2021-34773 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability — Cisco Unified Communications ManagerCWE-352 6.5 Medium2021-11-04
CVE-2021-40128 Cisco Webex Meetings Email Content Injection Vulnerability — Cisco Webex MeetingsCWE-183 5.3 Medium2021-11-04
CVE-2021-40127 Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability — Cisco Small Business Smart and Managed SwitchesCWE-20 5.3 Medium2021-11-04
CVE-2021-42772 Broadcom Management Center 安全漏洞 — n/a 9.8 -2021-11-03
CVE-2021-41174 XSS vulnerability allowing arbitrary JavaScript execution — grafanaCWE-79 6.9 Medium2021-11-03
CVE-2021-33210 Fimer Aurora 授权问题漏洞 — n/a 5.3 -2021-11-03
CVE-2021-20136 ZOHO ManageEngine Log360 访问控制错误漏洞 — ManageEngine Log360 9.8 -2021-11-01
CVE-2021-29212 HPE IlO Amplifier Pack 路径遍历漏洞 — iLO Amplifier Pack 9.8 -2021-11-01
CVE-2021-25874 YouPHPTube SQL注入漏洞 — n/a 7.5 -2021-11-01
CVE-2021-24757 Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload — Stylish Price ListCWE-863 7.5 -2021-11-01
CVE-2020-36505 Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF — Delete All Comments EasilyCWE-352 4.3 -2021-11-01
CVE-2018-25019 LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload — LearnDash LMSCWE-434 7.5 -2021-11-01
CVE-2015-20067 WP Attachment Export < 0.2.4 - Unauthenticated Posts Download — WP Attachment ExportCWE-862 5.3 -2021-11-01
CVE-2021-20839 Antenna House Office Server Document Converter 代码问题漏洞 — Office Server Document Converter 7.5 -2021-11-01
CVE-2021-20838 Antenna House Office Server Document Converter 代码问题漏洞 — Office Server Document Converter 6.5 -2021-11-01
CVE-2021-37254 M-Files Web 授权问题漏洞 — n/a 7.5 -2021-10-28
CVE-2019-19810 ZOOM Zoom Call Recording 代码问题漏洞 — n/a 9.8 -2021-10-28
CVE-2021-40118 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-121 8.6 High2021-10-27

Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.