Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18832

18832 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments — RIOTCWE-125 9.1AICriticalAI2026-02-04
CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node — n8nCWE-22 10.0AICriticalAI2026-02-04
CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability — Cisco RoomOS SoftwareCWE-1287 7.5 High2026-02-04
CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability — Cisco Evolved Programmable Network Manager (EPNM)CWE-601 4.3 Medium2026-02-04
CVE-2026-20056 Cisco Secure Web Appliance TBD Bypass Vulnerability — Cisco Secure Web ApplianceCWE-494 4.0 Medium2026-02-04
CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure — Apache AnswerCWE-359 5.3AIMediumAI2026-02-04
CVE-2026-0679 Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint — Fortis for WooCommerceCWE-862 5.3 Medium2026-02-04
CVE-2026-0572 WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options — WebPurify Profanity FilterCWE-862 6.5 Medium2026-02-04
CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification — Magic Import Document ExtractorCWE-862 5.3 Medium2026-02-04
CVE-2025-15508 Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure — Magic Import Document ExtractorCWE-200 5.3 Medium2026-02-04
CVE-2025-15268 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass — Infility GlobalCWE-89 7.5 High2026-02-04
CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification — SEO Flow by LupsOnlineCWE-862 7.5 High2026-02-04
CVE-2025-14461 Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid — Xendit PaymentCWE-862 5.3 Medium2026-02-04
CVE-2025-15482 Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure — Chapa Payment Gateway Plugin for WooCommerceCWE-200 5.3 Medium2026-02-04
CVE-2025-70545 PPC 2K05X 安全漏洞 — n/a 6.1AIMediumAI2026-02-04
CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function — LAN 232 TRIOCWE-306 10.0 Critical2026-02-03
CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function — MOMA Seismic StationCWE-306 9.1 Critical2026-02-03
CVE-2020-37092 Netis E1+ 1.2.32533 - Backdoor Account (root) — Netis E1+CWE-798 7.5 High2026-02-03
CVE-2020-37093 Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak — Netis E1+CWE-201 7.5 High2026-02-03
CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) — Maian Support HelpdeskCWE-352 5.3 Medium2026-02-03
CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read — School ERP ProCWE-22 7.5 High2026-02-03
CVE-2020-37086 Easy Transfer 1.7 for iOS - Directory Traversal — Easy TransferCWE-22 6.2 Medium2026-02-03
CVE-2020-37082 webERP 4.15.1 - Unauthenticated Backup File Access — webERPCWE-552 9.8 Critical2026-02-03
CVE-2020-37080 webTareas 2.0.p8 - Arbitrary File Deletion — webTareasCWE-73 9.8 Critical2026-02-03
CVE-2020-37071 CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution — CraftCMSCWE-502 9.8 Critical2026-02-03
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow — ci4msCWE-204 5.3 Medium2026-02-03
CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City — qwikCWE-1321 9.3 Critical2026-02-03
CVE-2026-1801 Libsoup: libsoup: http request smuggling via malformed chunk headers — Red Hat Enterprise Linux 10CWE-444 5.3 Medium2026-02-03
CVE-2025-64438 Fast-DDS: Unbounded GAP range triggers OOM DoS under RELIABLE QoS — Fast-DDSCWE-835 7.5AIHighAI2026-02-03
CVE-2025-62602 FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Security is enabled — Fast-DDSCWE-122 7.5AIHighAI2026-02-03

Vulnerabilities classified as access:pre-auth represent 18832 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.