Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint — PiwigoCWE-204 5.3 -2026-02-24
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints — actualCWE-306 7.5 -2026-02-24
CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU — NCPCWE-306 9.8AICriticalAI2026-02-24
CVE-2025-15386 Responsive Lightbox & Gallery < 2.6.1 - Unauthenticated Stored XSS — Responsive Lightbox & Gallery 6.1AIMediumAI2026-02-24
CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions — astroCWE-770 5.9 Medium2026-02-24
CVE-2025-69985 FUXA 安全漏洞 — n/a 9.8AICriticalAI2026-02-24
CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic — udmCWE-476 7.5 -2026-02-23
CVE-2026-3044 Tenda AC8 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow — AC8CWE-121 8.8 High2026-02-23
CVE-2026-21665 Fiserv Originate Loans Peripherals Print Service 安全漏洞 — Originate Loans Peripherals (formerly Velocity Services) -- Print Service component 9.8AICriticalAI2026-02-23
CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service — amfCWE-129 7.5AIHighAI2026-02-23
CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-306 10.0 Critical2026-02-23
CVE-2025-41002 SQL injection in Infoticketing — InfoticketingCWE-89 9.8AICriticalAI2026-02-23
CVE-2026-2976 FastApiAdmin Download Endpoint controller.py download_controller information disclosure — FastApiAdminCWE-200 4.3 Medium2026-02-23
CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System — Online Ordering SystemCWE-89 9.8 Critical2026-02-23
CVE-2026-2959 D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow — DWR-M960CWE-121 8.8 High2026-02-22
CVE-2019-25462 Web Ofisi Rent a Car v3 SQL Injection via klima Parameter — Rent a CarCWE-89 8.2 High2026-02-22
CVE-2019-25461 Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch — TicaretCWE-89 7.5 High2026-02-22
CVE-2019-25460 Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter — TicaretCWE-89 7.5 High2026-02-22
CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html — EmlakCWE-89 9.8 Critical2026-02-22
CVE-2019-25458 Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html — Firma RehberiCWE-89 9.8 Critical2026-02-22
CVE-2019-25457 Web Ofisi Firma v13 SQL Injection via oz Parameter — FirmaCWE-89 7.5 High2026-02-22
CVE-2019-25456 Web Ofisi Emlak v2 SQL Injection via ara Parameter — EmlakCWE-89 9.1 Critical2026-02-22
CVE-2019-25455 Web Ofisi E-Ticaret v3 SQL Injection via ara.html — TicaretCWE-89 7.5 High2026-02-22
CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml — microASP (Portal+) CMSCWE-89 8.2 High2026-02-22
CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php — WebIncorp ERPCWE-89 8.2 High2026-02-22
CVE-2019-25433 XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php — XOOPS CMSCWE-89 8.2 High2026-02-22
CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid — Dolibarr ERP/CRMCWE-89 7.5 High2026-02-22
CVE-2019-25446 DIGIT CENTRIS ERP Every version SQL Injection via datum1 Parameter — DIGIT CENTRISCWE-89 8.2 High2026-02-22
CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php — inventory-webappCWE-89 8.2 High2026-02-22
CVE-2019-25442 Web Wiz Forums 12.01 SQL Injection via PF Parameter — Web Wiz ForumsCWE-89 7.5 High2026-02-22

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.