access:pre-auth — CVE vulnerabilities tagged (18834)

18834 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-37168 | Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System — ArubaOS (AOS) | | 8.2 | High | 2026-01-13 |
| CVE-2025-68271 | Unauthenticated Remote Code Execution in openc3-api — cosmos | CWE-95 | 10.0 | Critical | 2026-01-13 |
| CVE-2025-47855 | Fortinet FortiFone information disclosure vulnerability — FortiFone | CWE-200 | 9.3 | Critical | 2026-01-13 |
| CVE-2025-12548 | Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333 — Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 | CWE-306 | 9.0 | Critical | 2026-01-13 |
| CVE-2025-14507 | EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API — EventPrime – Events Calendar, Bookings and Tickets | CWE-200 | 5.3 | Medium | 2026-01-13 |
| CVE-2025-40805 | Siemens Industrial Edge Devices security vulnerability — Industrial Edge Cloud Device (IECD) | CWE-639 | 10.0 | Critical | 2026-01-13 |
| CVE-2025-41717 | Config-Upload Code Injection — TC ROUTER 3002T-3G | CWE-94 | 8.8 | High | 2026-01-13 |
| CVE-2025-14829 | e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion — E-xact \| Hosted Payment \| | | 9.1 AI | Critical AI | 2026-01-13 |
| CVE-2026-0514 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector — SAP Business Connector | CWE-79 | 6.1 | Medium | 2026-01-13 |
| CVE-2026-0513 | Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) — SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | CWE-601 | 4.7 | Medium | 2026-01-13 |
| CVE-2026-0500 | Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation) — SAP Wily Introscope Enterprise Manager (WorkStation) | CWE-94 | 9.6 | Critical | 2026-01-13 |
| CVE-2026-0499 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal — SAP NetWeaver Enterprise Portal | CWE-79 | 6.1 | Medium | 2026-01-13 |
| CVE-2025-68707 | Tongyu AX1800 security vulnerability — n/a | | 8.8 AI | High AI | 2026-01-13 |
| CVE-2026-22812 | OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution — opencode | CWE-306 | 8.8 | High | 2026-01-12 |
| CVE-2026-22788 | WebErpMesv2 allows unauthenticated API Access — WebErpMesv2 | CWE-306 | 8.2 | High | 2026-01-12 |
| CVE-2025-12420 | Unauthenticated Privilege Escalation in ServiceNow AI Platform — Now Assist AI Agents | CWE-250 | 9.8 AI | Critical AI | 2026-01-12 |
| CVE-2026-22781 | TinyWeb CGI Command Injection — TinyWeb | CWE-78 | 9.8 AI | Critical AI | 2026-01-12 |
| CVE-2025-68472 | MindsDB has improper sanitation of filepath that leads to information disclosure and DOS — mindsdb | CWE-22 | 8.1 | High | 2026-01-12 |
| CVE-2026-0853 | A-Plus Video Technologies\|NVR - Sensitive Data Exposure — AP-RM864P | CWE-497 | 5.3 | Medium | 2026-01-12 |
| CVE-2025-52694 | Execution of arbitrary SQL commands — IoTSuite and IoT Edge Products | | 10.0 | Critical | 2026-01-12 |
| CVE-2025-67146 | GYM-MANAGEMENT-SYSTEM security vulnerability — n/a | | 9.8 AI | Critical AI | 2026-01-12 |
| CVE-2025-67147 | GYM-MANAGEMENT-SYSTEM security vulnerability — n/a | | 9.8 AI | Critical AI | 2026-01-12 |
| CVE-2026-0831 | Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write — Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | CWE-863 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-352 | 5.4 | Medium | 2026-01-10 |
| CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification — miniOrange OTP Verification and SMS Notification for WooCommerce | CWE-862 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-13457 | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id — WooCommerce Square | CWE-639 | 7.5 | High | 2026-01-10 |
| CVE-2026-22589 | Spree API has Unauthenticated IDOR - Guest Address — spree | CWE-639 | 7.5 | High | 2026-01-10 |
| CVE-2026-22603 | OpenProject has no protection against brute-force attacks in the Change Password function — openproject | CWE-307 | 9.8 | - | 2026-01-10 |
| CVE-2025-15501 | Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection — Operation and Maintenance Management System | CWE-78 | 9.8 | Critical | 2026-01-09 |
| CVE-2025-15500 | Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection — Operation and Maintenance Management System | CWE-78 | 9.8 | Critical | 2026-01-09 |

18834 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.