access:pre-auth — CVE vulnerabilities tagged 19401

19401 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-2195 | Oracle E-Business Suite Oracle Partner Management Attribute Admin Setup security vulnerability — Partner Management | 8.2 | High | 2021-04-22 |
| CVE-2021-2182 | Oracle E-Business Suite Oracle iStore Shopping Cart security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2183 | Oracle E-Business Suite security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2184 | Oracle E-Business Suite security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2185 | Oracle E-Business Suite security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2186 | Oracle E-Business Suite security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2177 | Oracle Secure Global Desktop input validation error vulnerability — Secure Global Desktop | 10.0 | Critical | 2021-04-22 |
| CVE-2021-2157 | Oracle WebLogic Server security vulnerability — TopLink | 7.5 | High | 2021-04-22 |
| CVE-2021-2161 | Multiple Oracle products input validation error vulnerability — Java SE JDK and JRE | 5.9 | Medium | 2021-04-22 |
| CVE-2021-2163 | Oracle Java SE Embedded input validation error vulnerability — Java SE JDK and JRE | 5.3 | Medium | 2021-04-22 |
| CVE-2021-2150 | Oracle E-Business Suite Oracle iStore Shopping Cart security vulnerability — iStore | 8.2 | High | 2021-04-22 |
| CVE-2021-2153 | Oracle E-Business Suite Oracle Internet Expenses Mobile Expenses security vulnerability — Internet Expenses | 4.3 | Medium | 2021-04-22 |
| CVE-2021-2155 | Oracle E-Business Suite Oracle One-to-One Fulfillment security vulnerability — One-to-One Fulfillment | 4.3 | Medium | 2021-04-22 |
| CVE-2021-2135 | Oracle Fusion Middleware security vulnerability — WebLogic Server | 9.8 | Critical | 2021-04-22 |
| CVE-2021-2136 | Oracle WebLogic Server security vulnerability — WebLogic Server | 9.8 | Critical | 2021-04-22 |
| CVE-2021-2140 | Oracle Financial Services Analytical Applications security vulnerability — Financial Services Analytical Applications Infrastructure | 6.1 | Medium | 2021-04-22 |
| CVE-2021-2142 | Oracle WebLogic Server input validation error vulnerability — WebLogic Server | 6.1 | Medium | 2021-04-22 |
| CVE-2021-2008 | Oracle Enterprise Manager for Fusion Middleware security vulnerability — Enterprise Manager for Fusion Middleware | 7.3 | High | 2021-04-22 |
| CVE-2021-2053 | Oracle Enterprise Manager Base Platform security vulnerability — Enterprise Manager Base Platform | 6.1 | Medium | 2021-04-22 |
| CVE-2021-24240 | Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE — Business Hours Pro (CWE-434) | 9.8 | - | 2021-04-22 |
| CVE-2021-24233 | Cooked Pro < 1.7.5.6 - Unauthenticated Reflected Cross Site Scripting (XSS) — Cooked Ppro (CWE-79) | 6.1 | - | 2021-04-22 |
| CVE-2021-24235 | Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS — Goto (CWE-79) | 6.1 | - | 2021-04-22 |
| CVE-2021-24237 | Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) — Realteo (CWE-79) | 6.1 | - | 2021-04-22 |
| CVE-2021-0268 | Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks. — Junos OS (CWE-113) | 8.8 | High | 2021-04-22 |
| CVE-2021-0265 | Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root. — Contrail Insights | 8.1 | High | 2021-04-22 |
| CVE-2021-0260 | Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests. — Junos OS (CWE-285) | 7.3 | High | 2021-04-22 |
| CVE-2021-0261 | Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests — Junos OS (CWE-125) | 7.5 | High | 2021-04-22 |
| CVE-2021-0254 | Junos OS: Remote code execution vulnerability in overlayd service — Junos OS (CWE-131) | 9.8 | Critical | 2021-04-22 |
| CVE-2021-20590 | Mitsubishi Electric GOT2000 authorization issue vulnerability — GOT2000 series GT27 model | 9.1 | - | 2021-04-22 |
| CVE-2021-3287 | Zoho ManageEngine OpManager code issue vulnerability — n/a | 9.8 | - | 2021-04-22 |

Vulnerabilities classified as access:pre-auth represent 19401 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.