access:pre-auth — CVE vulnerabilities tagged 19626

19626 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-40117	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-119	8.6	High	2021-10-27
CVE-2021-40116	Multiple Cisco Products Snort Rule Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-241	8.6	High	2021-10-27
CVE-2021-40114	Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-770	6.8	Medium	2021-10-27
CVE-2021-34794	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-284	5.3	Medium	2021-10-27
CVE-2021-34793	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-924	8.6	High	2021-10-27
CVE-2021-34792	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-400	8.6	High	2021-10-27
CVE-2021-34791	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-358	4.7	Medium	2021-10-27
CVE-2021-34790	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-358	4.7	Medium	2021-10-27
CVE-2021-34787	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-183	5.3	Medium	2021-10-27
CVE-2021-34783	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-119	8.6	High	2021-10-27
CVE-2021-34781	Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-119	8.6	High	2021-10-27
CVE-2021-34754	Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities — Cisco Firepower Threat Defense SoftwareCWE-284	5.8	Medium	2021-10-27
CVE-2021-22101	Cloud Foundry Cloud Controller 资源管理错误漏洞 — Cloud Foundry Cloud ControllerCWE-400	7.5	-	2021-10-27
CVE-2021-34580	Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0 — mymbCONNECT24CWE-204	7.5	High	2021-10-27
CVE-2021-37371	Online Student Admission System SQL注入漏洞 — n/a	9.8	-	2021-10-26
CVE-2021-34593	CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service — CODESYS V2CWE-755	7.5	High	2021-10-26
CVE-2021-41307	Atlassian Jira 权限许可和访问控制问题漏洞 — Jira Server	7.5	-	2021-10-26
CVE-2017-20007	Information Exposure in INGEPAC DA AU — INGEPAC DA AUCWE-200	5.3	Medium	2021-10-25
CVE-2021-24884	Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting — Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPressCWE-79	8.2	-	2021-10-25
CVE-2021-24779	WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update — WP DebuggingCWE-862	6.5	-	2021-10-25
CVE-2021-40865	Unsafe Pre-Authentication Deserialization In Workers — Apache StormCWE-502	9.8	-	2021-10-25
CVE-2021-42258	BEQ BillQuick Web Suite SQL注入漏洞 — n/a	9.8	-	2021-10-22
CVE-2020-23058	Nong Ge File Explorer 授权问题漏洞 — n/a	7.5	-	2021-10-22
CVE-2021-34736	Cisco Integrated Management Controller GUI Denial of Service Vulnerability — Cisco Unified Computing System (Managed)CWE-20	5.3	Medium	2021-10-21
CVE-2021-40122	Cisco Meeting Server Call Bridge Denial of Service Vulnerability — Cisco Meeting ServerCWE-399	5.9	Medium	2021-10-21
CVE-2021-34743	Cisco Webex Software Application Authorization Bypass Vulnerability — Cisco Webex MeetingsCWE-352	4.3	Medium	2021-10-21
CVE-2021-25969	Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments — camaleon_cmsCWE-79	6.1	Medium	2021-10-20
CVE-2021-35666	Oracle HTTP Server 输入验证错误漏洞 — HTTP Server	5.9	Medium	2021-10-20
CVE-2021-35665	Oracle Hyperion 安全漏洞 — Hyperion Financial Reporting	6.1	Medium	2021-10-20
CVE-2021-35662	Oracle Outside In Technology 输入验证错误漏洞 — Outside In Technology	7.5	High	2021-10-20

Vulnerabilities classified as access:pre-auth represent 19626 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 19626