Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19431

19431 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-20738 ELECOM 多款产品安全漏洞 — WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA 4.3 -2021-07-07
CVE-2021-24389 FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS) — WP FoodbakeryCWE-79 6.1 -2021-07-06
CVE-2021-24387 Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS) — WP Pro Real Estate 7CWE-79 6.1 -2021-07-06
CVE-2021-24384 JoomSport < 5.1.8 - Unauthenticated PHP Object Injection — JoomSport – for Sports: Team & League, Football, Hockey & moreCWE-502 9.8 -2021-07-06
CVE-2021-24375 Motor theme < 3.1.0 - Local File Inclusion — MotorCWE-22 9.8 -2021-07-06
CVE-2021-35336 Tieline IP Audio Gateway 访问控制错误漏洞 — n/a 9.8 -2021-07-01
CVE-2021-35973 Netgear NETGEAR WAC104 授权问题漏洞 — n/a 9.8 Critical2021-06-30
CVE-2021-20107 Sloan SmartFaucets 授权问题漏洞 — SLOAN 7.1 -2021-06-30
CVE-2021-30648 Symantec Advanced Secure Gateway 和 Symantec ProxySG 授权问题漏洞 — Advanced Secure Gateway (ASG) and ProxySG 9.8 -2021-06-30
CVE-2021-35941 Western Digital WD My Book Live 访问控制错误漏洞 — n/a 9.1 -2021-06-29
CVE-2021-20104 Machform 代码问题漏洞 — AppNitro Machform 9.8 -2021-06-29
CVE-2020-7871 Helpcom 输入验证错误漏洞 — HelpcomCWE-20 7.5 High2021-06-29
CVE-2021-1134 Cisco DNA Center Certificate Validation Vulnerability — Cisco Digital Network Architecture Center (DNA Center)CWE-295 9.1 -2021-06-29
CVE-2021-28623 Adobe Premiere Elements Privilege Escalation Vulnerability — PremiereCWE-379 6.2 -2021-06-28
CVE-2021-28597 Adobe Photoshop Elements Privilege Escalation Vulnerability - symbolic link — Photoshop ElementsCWE-379 6.2 -2021-06-28
CVE-2021-28574 Adobe Animate out-of-bounds read vulnerability could lead to information exposure — AnimateCWE-125 4.3 Medium2021-06-28
CVE-2021-28570 Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution — After EffectsCWE-427 8.3 High2021-06-28
CVE-2021-28576 Adobe Animate out-of-bounds read vulnerability could lead to information exposure — AnimateCWE-125 4.3 Medium2021-06-28
CVE-2021-28575 Adobe Animate out-of-bounds read vulnerability could lead to information exposure — AnimateCWE-125 4.3 Medium2021-06-28
CVE-2021-28573 Adobe Animate out-of-bounds read vulnerability could lead to information exposure — AnimateCWE-125 4.3 Medium2021-06-28
CVE-2021-28562 Adobe Acrobat Reader use-after-free could lead to arbitrary code execution — Acrobat ReaderCWE-416 8.8 High2021-06-28
CVE-2021-21102 Adobe Illustrator DOCX file parsing directory traversal vulnerability could lead to remote code execution — IllustratorCWE-22 8.8 High2021-06-28
CVE-2021-21090 Adobe InCopy DOCX file parsing directory traversal vulnerability could lead to remote code execution — InCopyCWE-22 8.8 High2021-06-28
CVE-2021-28563 Magento Commerce improper Authorization via the 'Create Customer' endpoint — Magento CommerceCWE-285 6.5 Medium2021-06-28
CVE-2021-21099 Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution — InDesignCWE-787 8.8 High2021-06-28
CVE-2021-28556 Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution — Magento CommerceCWE-79 6.9 Medium2021-06-28
CVE-2021-21098 Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution — InDesignCWE-787 8.8 High2021-06-28
CVE-2021-21101 Adobe Illustrator TTF font parsing out-of-bounds write vulnerability could lead to remote code execution — IllustratorCWE-787 8.8 High2021-06-28
CVE-2021-21083 Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service — Experience ManagerCWE-284 7.5 High2021-06-28
CVE-2021-33536 WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability — IE-WL(T)-BL-AP-CL-XXCWE-191 7.5 High2021-06-25

Vulnerabilities classified as access:pre-auth represent 19431 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.