Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18816

18816 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-34275 Oracle Advanced Inbound Telephony 安全漏洞 — Oracle Advanced Inbound Telephony 9.8 Critical2026-04-21
CVE-2026-34273 Oracle GoldenGate 安全漏洞 — Oracle GoldenGate 5.3 Medium2026-04-21
CVE-2026-34274 Oracle Configurator 安全漏洞 — Oracle Configurator 6.1 Medium2026-04-21
CVE-2026-34269 Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 — PeopleSoft Enterprise PeopleTools 6.1 Medium2026-04-21
CVE-2026-34268 Oracle多款产品 安全漏洞 — Oracle Java SE 2.9 Low2026-04-21
CVE-2026-22021 Oracle多款产品 安全漏洞 — Oracle Java SE 5.3 Medium2026-04-21
CVE-2026-22018 Oracle多款产品 安全漏洞 — Oracle Java SE 3.7 Low2026-04-21
CVE-2026-22016 Oracle多款产品 安全漏洞 — Oracle Java SE 7.5 High2026-04-21
CVE-2026-22013 Oracle多款产品 安全漏洞 — Oracle Java SE 5.3 Medium2026-04-21
CVE-2026-22010 Oracle Financial Services Analytical Applications Infrastructure 安全漏洞 — Oracle Financial Services Analytical Applications Infrastructure 7.5 High2026-04-21
CVE-2026-22008 Oracle Java SE 安全漏洞 — Oracle Java SE 3.7 Low2026-04-21
CVE-2026-22007 Oracle多款产品 安全漏洞 — Oracle Java SE 2.9 Low2026-04-21
CVE-2026-21999 Oracle Database Server 安全漏洞 — Oracle Database Server 5.3 Medium2026-04-21
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks — AVideoCWE-94 10.0 Critical2026-04-21
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version — AVideoCWE-200 5.3 Medium2026-04-21
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access — goshsCWE-200 9.1AICriticalAI2026-04-21
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs — goshsCWE-306 9.8 Critical2026-04-21
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability — vendureCWE-89 9.1 Critical2026-04-21
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field — mailcow-dockerizedCWE-79 6.1AIMediumAI2026-04-21
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin — bluditCWE-79 6.1AIMediumAI2026-04-21
CVE-2026-40613 Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) — coturnCWE-704 7.5 High2026-04-21
CVE-2026-40050 CrowdStrike LogScale Unauthenticated Path Traversal — LogScale Self-HostedCWE-306 9.8 Critical2026-04-21
CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server — excel-mcp-serverCWE-22 9.4 Critical2026-04-21
CVE-2026-24189 NVIDIA CUDA-Q 缓冲区错误漏洞 — CUDA-QCWE-125 8.2 High2026-04-21
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet — A8-V5 Collaborative Management SoftwareCWE-434 9.8AICriticalAI2026-04-21
CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables — freescoutCWE-116 5.8 Medium2026-04-21
CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron — freescoutCWE-200 9.1AICriticalAI2026-04-21
CVE-2026-41039 Information Disclosure Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470CWE-306 7.5AIHighAI2026-04-21
CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting — Website LLMs.txtCWE-79 6.1 Medium2026-04-21
CVE-2026-5965 NewSoft|NewSoftOA - OS Command Injection — NewSoftOACWE-78 9.8 Critical2026-04-21

Vulnerabilities classified as access:pre-auth represent 18816 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.