access:pre-auth — CVE vulnerabilities tagged 19857

19857 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1450 | rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter | rognone | CWE-79 | 6.1 | Medium | 2026-06-02 |
| CVE-2026-4071 | BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change | BirdSeed | CWE-352 | 4.3 | Medium | 2026-06-02 |
| CVE-2026-3514 | Authentication Bypass in prefecthq/prefect | prefecthq/prefect | CWE-863 | - | - | 2026-06-02 |
| CVE-2026-8206 | Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | Kirki – Freeform Page Builder, Website Builder & Customizer | CWE-269 | 9.8 | Critical | 2026-06-02 |
| CVE-2026-10100 | Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting | Simple Custom Login Page | CWE-79 | 4.4 | Medium | 2026-06-02 |
| CVE-2026-40964 | Cloud Foundry Foundation security vulnerability | log-cache_release | CWE-287 | 7.5 | High | 2026-06-01 |
| CVE-2026-49491 | Pixa Bank 2.0 SQL Injection via agence-ajax.php API | Pixa Bank | CWE-89 | 8.2 | High | 2026-06-01 |
| CVE-2018-25434 | WP AutoSuggest 0.24 SQL Injection via autosuggest.php | WP AutoSuggest | CWE-89 | 8.2 | High | 2026-06-01 |
| CVE-2018-25433 | Joomla JE Photo Gallery 1.1 SQL Injection via categoryid | JE Photo Gallery | CWE-89 | 8.2 | High | 2026-06-01 |
| CVE-2018-25428 | Paroiciel 11.20 SQL Injection via tRecIdListe Parameter | Paroiciel | CWE-89 | 8.2 | High | 2026-06-01 |
| CVE-2026-49136 | Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py | banana-slides | CWE-22 | 7.5 | High | 2026-06-01 |
| CVE-2026-43624 | F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project() | F5-TTS | CWE-22 | 8.2 | High | 2026-06-01 |
| CVE-2026-45727 | CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion | CloakBrowser | CWE-22 | - | - | 2026-06-01 |
| CVE-2026-49121 | AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization | aiter | CWE-502 | 8.1 | High | 2026-06-01 |
| CVE-2026-25599 | Missing authentication and clear‑text data transmission affecting Orca heat pumps | Orca heat pump | CWE-79 | 6.3 | Medium | 2026-06-01 |
| CVE-2026-40543 | Missing Authorization in SOPlanning | SOPlanning | CWE-862 | - | - | 2026-06-01 |
| CVE-2026-49361 | Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability | Apache Fluss (incubating) | CWE-770 | - | - | 2026-06-01 |
| CVE-2026-10517 | Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance | Red Hat Quay 3 | CWE-918 | 5.8 | Medium | 2026-06-01 |
| CVE-2026-7858 | Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x | Teamwork Cloud - Standard Edition | CWE-502 | 9.8 | Critical | 2026-06-01 |
| CVE-2026-49270 | Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire) | Apache ActiveMQ Broker | CWE-1230 | - | - | 2026-06-01 |
| CVE-2026-48188 | SQL Injection via MySQL Quote Method | OTRS | CWE-20 | 9.1 | Critical | 2026-06-01 |
| CVE-2026-37235 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37229 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37230 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37220 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37221 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37222 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37223 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37224 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |
| CVE-2026-37225 | FlexRIC security vulnerability | n/a | | - | - | 2026-06-01 |

Vulnerabilities classified as access:pre-auth represent 19857 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.