access:pre-auth — CVE vulnerabilities tagged (18834)

18834 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-36875 | AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution — AccessAlly (CWE-94) | 9.8 | - | 2026-01-09 |
| CVE-2026-22198 | GestSup < 3.2.60 Stored XSS in API Error Logs — GestSup (CWE-79) | 6.1 | - | 2026-01-09 |
| CVE-2025-7072 | Hardcoded credentials in KAON CG3000T/CG3000CT routers — CG3000T (CWE-798) | 9.8 | - | 2026-01-09 |
| CVE-2025-13717 | Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter — Contact Form vCard Generator (CWE-862) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-13892 | MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting — MG AdvancedOptions (CWE-79) | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13701 | Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Shabat Keeper (CWE-79) | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13893 | Lesson Plan Book <= 1.3 - Reflected Cross-Site Scripting — Lesson Plan Book (CWE-79) | 6.1 | Medium | 2026-01-09 |
| CVE-2025-64093 | Unauthenticated Remote Code Execution via the device hostname — ICX500 | 10.0 | Critical | 2026-01-09 |
| CVE-2025-13761 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab (CWE-79) | 8.0 | High | 2026-01-09 |
| CVE-2025-64092 | Unauthenticated SQL injection via GET request parameters — ICX500 | 7.5 | High | 2026-01-09 |
| CVE-2025-13895 | Top Position Google Finance <= 0.1.0 - Reflected Cross-Site Scripting — Top Position Google Finance (CWE-79) | 6.1 | Medium | 2026-01-09 |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) (CWE-862) | 7.2 | High | 2026-01-09 |
| CVE-2025-14741 | Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element — Frontend Admin by DynamiApps (CWE-862) | 9.1 | Critical | 2026-01-09 |
| CVE-2025-14146 | Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure — Booking Calendar (CWE-862) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-14937 | Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' — Frontend Admin by DynamiApps (CWE-79) | 7.2 | High | 2026-01-09 |
| CVE-2025-14574 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure — weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot (CWE-200) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-15055 | SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters — SlimStat Analytics (CWE-79) | 7.2 | High | 2026-01-09 |
| CVE-2025-15057 | SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter — SlimStat Analytics (CWE-79) | 7.2 | High | 2026-01-09 |
| CVE-2025-14720 | Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions — Booking for Appointments and Events Calendar – Amelia (CWE-862) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-14736 | Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field — Frontend Admin by DynamiApps (CWE-269) | 9.8 | Critical | 2026-01-09 |
| CVE-2025-13749 | Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering — Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer (CWE-352) | 4.3 | Medium | 2026-01-09 |
| CVE-2025-14886 | Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification — Japanized for WooCommerce (CWE-862) | 5.3 | Medium | 2026-01-09 |
| CVE-2025-67070 | Intelbras CFTV IP NVD 9032 R Ftd security vulnerability — n/a | 9.8 | - | 2026-01-09 |
| CVE-2025-14436 | Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting — Brevo for WooCommerce (CWE-79) | 7.2 | High | 2026-01-08 |
| CVE-2026-22234 | OPEXUS eCasePortal unauthenticated IDOR — eCase Portal (CWE-639) | 9.8 | Critical | 2026-01-08 |
| CVE-2025-68151 | CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages — coredns (CWE-770) | 7.5 | - | 2026-01-08 |
| CVE-2026-22032 | Directus has open redirect in SAML — directus (CWE-601) | 4.3 | Medium | 2026-01-08 |
| CVE-2026-21892 | Parsl Monitoring Visualization Vulnerable to SQL Injection — parsl (CWE-89) | 5.3 | Medium | 2026-01-08 |
| CVE-2025-69258 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central (CWE-290) | 9.8 | Critical | 2026-01-08 |
| CVE-2026-21894 | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks — n8n (CWE-290) | 6.5 | Medium | 2026-01-08 |

Vulnerabilities classified as access:pre-auth represent 18834 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.