access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27630 | TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris) — TinyWeb (CWE-400) | 7.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27613 | CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam) — TinyWeb (CWE-78) | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27493 | n8n has Unauthenticated Expression Evaluation via Form Node — n8n (CWE-94) | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27148 | Storybook Dev Server Vulnerable to WebSocket Hijacking — storybook (CWE-74) | 8.1 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-0542 | Remote Code Execution in ServiceNow AI Platform — ServiceNow AI Platform (CWE-653) | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2025-14511 | Improper Validation of Specified Quantity in Input in GitLab — GitLab (CWE-1284) | 7.5 | High | 2026-02-25 |
| CVE-2026-0752 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab (CWE-79) | 8.0 | High | 2026-02-25 |
| CVE-2026-1388 | Inefficient Regular Expression Complexity in GitLab — GitLab (CWE-1333) | 7.5 | High | 2026-02-25 |
| CVE-2026-1662 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab (CWE-770) | 7.5 | High | 2026-02-25 |
| CVE-2026-1725 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab (CWE-770) | 5.3 | Medium | 2026-02-25 |
| CVE-2026-25138 | Rucio WebUI has Username Enumeration via Login Error Message — rucio (CWE-204) | 5.3 | Medium | 2026-02-25 |
| CVE-2026-22719 | VMware Aria Operations command injection vulnerability — VMware Aria Operations | 8.1 | High | 2026-02-25 |
| CVE-2026-21902 | Junos OS Evolved: PTX Series: A vulnerability allows an unauthenticated, network-based attacker to execute code as root — Junos OS Evolved (CWE-732) | 9.8 | Critical | 2026-02-25 |
| CVE-2026-20033 | Cisco NX-OS Software Denial of Service Vulnerability — Cisco NX-OS System Software in ACI Mode (CWE-805) | 7.4 | High | 2026-02-25 |
| CVE-2026-20010 | Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability — Cisco NX-OS Software (CWE-805) | 7.4 | High | 2026-02-25 |
| CVE-2026-20051 | Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability — Cisco NX-OS Software (CWE-457) | 7.4 | High | 2026-02-25 |
| CVE-2026-20127 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Manager (CWE-287) | 10.0 | Critical | 2026-02-25 |
| CVE-2026-20128 | Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability — Cisco Catalyst SD-WAN Manager (CWE-257) | 7.5 | High | 2026-02-25 |
| CVE-2026-20129 | Cisco Catalyst SD-WAN Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Manager (CWE-287) | 9.8 | Critical | 2026-02-25 |
| CVE-2026-20133 | Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) Information Disclosure Vulnerability — Cisco Catalyst SD-WAN Manager (CWE-200) | 6.5 | Medium | 2026-02-25 |
| CVE-2026-2410 | Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update — Disable Admin Notices – Hide Dashboard Notifications (CWE-352) | 4.3 | Medium | 2026-02-25 |
| CVE-2026-2416 | Geo Mashup <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter — Geo Mashup (CWE-89) | 7.5 | High | 2026-02-25 |
| CVE-2026-1916 | WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token — WPGSI: Spreadsheet Integration (CWE-862) | 7.5 | High | 2026-02-25 |
| CVE-2026-27743 | SPIP referer_spam <= 1.2.1 Unauthenticated SQL Injection — referer_spam (CWE-89) | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27744 | SPIP tickets < 4.3.3 Unauthenticated RCE — tickets (CWE-94) | 9.8 | Critical | 2026-02-25 |
| CVE-2026-27626 | OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks — OliveTin (CWE-78) | 10.0 | Critical | 2026-02-25 |
| CVE-2026-27614 | Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering — bugsink (CWE-79) | 9.3 | Critical | 2026-02-25 |
| CVE-2026-27595 | Parse Dashboard has incomplete authentication on AI Agent endpoint — parse-dashboard (CWE-306) | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27477 | Mastodon has SSRF via unvalidated FASP Provider base_url — mastodon (CWE-918) | 6.5 | - | 2026-02-24 |
| CVE-2026-26222 | DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE — Altec DocLink (CWE-502) | 9.1 (AI) | Critical (AI) | 2026-02-24 |

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.