Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19499

19499 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-27402 Mitel Networks MiCollab 路径遍历漏洞 — n/a 8.2 -2021-08-13
CVE-2021-38619 openBaraza HCM 跨站脚本漏洞 — n/a 6.1 -2021-08-13
CVE-2021-37351 Nagios XI 权限许可和访问控制问题漏洞 — n/a 7.5 -2021-08-13
CVE-2021-37599 Nuance Communications Nuance Winscribe Dictation SQL注入漏洞 — n/a 9.8 -2021-08-12
CVE-2021-27791 Brocade Fabric OS 缓冲区错误漏洞 — Brocade Fabric OS 7.5 -2021-08-12
CVE-2021-0009 Intel Ethernet Adapters 800 缓冲区错误漏洞 — Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters 6.5 -2021-08-11
CVE-2021-38526 Netgear NETGEAR 缓冲区错误漏洞 — n/a 4.3 Medium2021-08-11
CVE-2021-38527 多款 NETGEAR 设备命令注入漏洞 — n/a 8.1 High2021-08-11
CVE-2021-38528 Netgear NETGEAR 命令注入漏洞 — n/a 9.6 Critical2021-08-11
CVE-2021-38529 Netgear NETGEAR 命令注入漏洞 — n/a 8.3 High2021-08-11
CVE-2021-38530 Netgear NETGEAR 命令注入漏洞 — n/a 9.6 Critical2021-08-11
CVE-2020-23171 Nim 安全漏洞 — n/a 5.5 -2021-08-10
CVE-2021-21564 Dell OpenManage Enterprise 授权问题漏洞 — Dell OpenManage EnterpriseCWE-200 9.8 Critical2021-08-09
CVE-2021-33256 zoho ManageEngine ADSelfService Plus 安全漏洞 — n/a 8.8 -2021-08-09
CVE-2021-37788 Gurock Software Gurock TestRail 安全漏洞 — n/a 5.4 -2021-08-09
CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection — Astra Pro AddonCWE-89 9.8 -2021-08-09
CVE-2021-24304 Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS) — NewsmagCWE-79 6.1 -2021-08-09
CVE-2021-24499 Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution — WorkreapCWE-434 9.8 -2021-08-09
CVE-2021-38167 Roxy-WI SQL注入漏洞 — n/a 9.8 -2021-08-07
CVE-2021-38159 Progress Software MOVEit Transfer SQL注入漏洞 — n/a 9.8 -2021-08-07
CVE-2021-38157 Leostream Connection Broker 跨站脚本漏洞 — n/a 6.1 -2021-08-06
CVE-2021-20598 Mitsubishi Electric MELSEC iQ-R series 授权问题漏洞 — MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU 8.2 -2021-08-06
CVE-2021-20594 Mitsubishi Electric MELSEC iQ-R series 信息泄露漏洞 — Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU 5.3 -2021-08-06
CVE-2021-20597 Mitsubishi Electric MELSEC iQ-R series 访问控制错误漏洞 — Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU 9.1 -2021-08-06
CVE-2021-38155 OpenStack 安全漏洞 — n/a 7.5 -2021-08-06
CVE-2021-20592 Mitsubishi Electric GOT2000 安全漏洞 — GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 7.5 -2021-08-05
CVE-2021-21739 ZTE ZXCTN 数据伪造问题漏洞 — <ZXCTN 6120H>--2021-08-05
CVE-2021-23849 Cross Site Request Forgery (CSRF) vulnerability in web based management interface — CPP FirmwareCWE-352 7.5 High2021-08-05
CVE-2021-32579 Acronis True Image 授权问题漏洞 — n/a 7.8 -2021-08-05
CVE-2021-38095 Planview Spigit 安全漏洞 — n/a 5.3 -2021-08-05

Vulnerabilities classified as access:pre-auth represent 19499 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.