Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18829

18829 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-2385 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerceCWE-345 5.3 Medium2026-02-22
CVE-2026-2885 D-Link DWR-M960 formIpv6Setup sub_469104 stack-based overflow — DWR-M960CWE-121 8.8 High2026-02-21
CVE-2026-1787 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion — LearnPress – Backup & Migration ToolCWE-862 4.8 Medium2026-02-21
CVE-2025-14339 weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion — weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerceCWE-862 6.5 Medium2026-02-21
CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion) — rayCWE-396 5.9 Medium2026-02-21
CVE-2026-27469 Isso: Stored XSS via comment website field — issoCWE-79 6.1 Medium2026-02-21
CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories — GetSimpleCMS-CECWE-200 5.9AIMediumAI2026-02-20
CVE-2019-25454 phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter — phpMoAdminCWE-79 6.1 Medium2026-02-20
CVE-2019-25453 phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php — phpMoAdminCWE-79 6.1 Medium2026-02-20
CVE-2019-25441 thesystem 1.0 Command Injection via run_command endpoint — thesystemCWE-78 9.8 Critical2026-02-20
CVE-2019-25438 LabCollector 5.423 SQL Injection via login.php — LabCollectorCWE-89 7.5 High2026-02-20
CVE-2019-25434 SpotAuditor 5.3.1.0 Denial of Service via Registration Name Field — Nsauditor SpotAuditorCWE-121 7.5 High2026-02-20
CVE-2019-25432 Part-DB 0.4 Authentication Bypass via login.php — Part-DBCWE-89 7.5 High2026-02-20
CVE-2019-25431 delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime — Blue-Smiley-OrganizerCWE-89 8.2 High2026-02-20
CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft. — Vertex AI ExperimentsCWE-340 9.8AICriticalAI2026-02-20
CVE-2026-2472 Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization — Vertex AI SDK for PythonCWE-79 6.1AIMediumAI2026-02-20
CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php — Fiverr Clone ScriptCWE-79 6.1 Medium2026-02-20
CVE-2019-25444 Fiverr Clone Script 1.2.2 SQL Injection via page Parameter — Fiverr Clone ScriptCWE-89 9.1 Critical2026-02-20
CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS — SVXportalCWE-79 6.1 Medium2026-02-20
CVE-2026-27502 SVXportal <= 2.5 log.php Search Reflected XSS — SVXportalCWE-79 6.1 Medium2026-02-20
CVE-2026-26048 Jinan USR IOT Technology Limited (PUSR) USR-W610 Missing Authentication for Critical Function — USR-W610CWE-306 7.5 High2026-02-20
CVE-2026-2819 Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization — RuoYi-Vue-PlusCWE-862 6.3 Medium2026-02-20
CVE-2026-26980 Ghost has a SQL Injection in its Content API — GhostCWE-89 9.4 Critical2026-02-20
CVE-2026-26975 Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution — serverCWE-73 8.8 High2026-02-20
CVE-2025-70831 Smanga 安全漏洞 — n/a 9.8AICriticalAI2026-02-20
CVE-2025-70833 Smanga 安全漏洞 — n/a 9.8AICriticalAI2026-02-20
CVE-2026-26327 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning — openclawCWE-345 9.3 -2026-02-19
CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests — openclawCWE-306 7.5 High2026-02-19
CVE-2026-26057 Skill Scanner Unsecured Network Binding Vulnerability — skill-scannerCWE-668 6.5 Medium2026-02-19
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE — Alfresco Transformation Service (Enterprise)CWE-918 9.8 Critical2026-02-19

Vulnerabilities classified as access:pre-auth represent 18829 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.