access:pre-auth — CVE vulnerabilities tagged (19401)

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-32542 | SysJust CTS Web - Reflected XSS — CTS Web | CWE-79 | 4.7 | Medium | 2021-05-28 |
| CVE-2021-32541 | SysJust CTS Web - Broken Access Control — CTS Web | | 5.3 | Medium | 2021-05-28 |
| CVE-2021-27852 | Checkbox Survey code issue vulnerability — Survey | | 9.8 | Critical | 2021-05-27 |
| CVE-2020-14387 | rsync rsync-ssl security vulnerability — rsync | CWE-297 | 7.4 | - | 2021-05-27 |
| CVE-2021-22891 | Citrix Systems Citrix ShareFile security vulnerability — Citrix ShareFile Storage Zones Controller | CWE-862 | 9.8 | - | 2021-05-27 |
| CVE-2021-22911 | Rocket.Chat security vulnerability — Rocket.Chat server | CWE-75 | 9.8 | - | 2021-05-27 |
| CVE-2018-10868 | Red Hat Certification access control error vulnerability — redhat-certification | CWE-400 | 7.5 | - | 2021-05-26 |
| CVE-2018-10866 | Red Hat Certification authorization issue vulnerability — redhat-certification | CWE-862 | 9.1 | - | 2021-05-26 |
| CVE-2018-10865 | Red Hat Certification security vulnerability — redhat-certification | CWE-862 | 7.5 | - | 2021-05-26 |
| CVE-2021-21986 | VMware vSphere Client access control error vulnerability — VMware vCenter Server and VMware Cloud Foundation | | 9.8 | - | 2021-05-26 |
| CVE-2021-27823 | NetWave System information disclosure vulnerability — n/a | | 7.5 | - | 2021-05-25 |
| CVE-2021-30083 | Mediat cross-site scripting vulnerability — n/a | | 6.1 | - | 2021-05-24 |
| CVE-2020-26555 | Bluetooth Core Specification information disclosure vulnerability — n/a | | 5.4 | - | 2021-05-24 |
| CVE-2021-24297 | Goto < 2.1 - Reflected Cross-Site Scripting (XSS) — Goto | CWE-79 | 6.1 | - | 2021-05-24 |
| CVE-2021-24305 | Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key — Target First Plugin | CWE-79 | 6.1 | - | 2021-05-24 |
| CVE-2021-24294 | DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS) — DSGVO All in one for WP | CWE-79 | 9.6 | - | 2021-05-24 |
| CVE-2021-1358 | Cisco Finesse Open Redirect Vulnerability — Cisco Unified Contact Center Express | CWE-601 | 4.7 | Medium | 2021-05-22 |
| CVE-2021-33514 | Netgear NETGEAR OS command injection vulnerability — n/a | | 8.8 | High | 2021-05-21 |
| CVE-2020-35580 | SearchBlox path traversal vulnerability — n/a | | 7.5 | - | 2021-05-20 |
| CVE-2021-3480 | slapi-nis code issue vulnerability — slapi-nis | CWE-476 | 7.5 | - | 2021-05-20 |
| CVE-2021-29503 | Improper Neutralization of Script-Related HTML Tags in Notes — hedgedoc | CWE-80 | 8.1 | High | 2021-05-19 |
| CVE-2021-31930 | concerto cross-site scripting vulnerability — n/a | | 6.1 | - | 2021-05-19 |
| CVE-2017-17675 | BMC Software BMC Remedy 9.1SP3 log information disclosure vulnerability — n/a | | 5.3 | - | 2021-05-19 |
| CVE-2021-20589 | Multiple Mitsubishi Electric devices buffer error vulnerability — GOT2000 series; GOT SIMPLE series; GT SoftGOT2000; Tension Controller | | 9.8 | - | 2021-05-19 |
| CVE-2021-24290 | Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS) — Store Locator Plus for WordPress | CWE-79 | 6.1 | - | 2021-05-17 |
| CVE-2021-24295 | Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 — Spam protection, AntiSpam, FireWall by CleanTalk | CWE-89 | 9.1 | - | 2021-05-17 |
| CVE-2021-24299 | ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS) — ReDi Restaurant Reservation | CWE-79 | 6.1 | - | 2021-05-17 |
| CVE-2021-24314 | Goto < 2.1 - Unauthenticated Blind SQL Injection — Goto | CWE-89 | 9.8 | - | 2021-05-17 |
| CVE-2021-29024 | InvoicePlane path traversal vulnerability — n/a | | 5.3 | - | 2021-05-17 |
| CVE-2021-24291 | Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS) — Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-79 | 6.1 | - | 2021-05-14 |

19401 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.