Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18835

18835 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2025-67707 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS ServerCWE-434 5.6 Medium2025-12-31
CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server. — ArcGIS ServerCWE-434 5.6 Medium2025-12-31
CVE-2025-67705 Reflected XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67704 Stored XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-67703 Stored XSS vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2025-12-31
CVE-2025-34469 Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification — CowrieCWE-918 7.5 -2025-12-31
CVE-2021-47743 COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters — COMMAX Biometric Access Control SystemCWE-79 6.1 Medium2025-12-31
CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection — KodiCMSCWE-94 6.3 Medium2025-12-31
CVE-2025-62755 WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability — GS Portfolio for EnvatoCWE-862 5.3 Medium2025-12-31
CVE-2025-15387 QNO Technology|VPN Firewall - Insufficient Entropy — VPN FirewallCWE-331 8.8 High2025-12-31
CVE-2025-15017 Moxa NPort 5000 Series 安全漏洞 — NPort 5000AI-M12 SeriesCWE-489 7.6 -2025-12-31
CVE-2025-14783 Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect — Easy Digital Downloads – eCommerce Payments and Subscriptions made easyCWE-640 4.3 Medium2025-12-31
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure — Ultimate Post Kit Addons for Elementor 5.3 -2025-12-31
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion — Knowband Mobile App Builder 7.5 -2025-12-31
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter — ETAP Safety ManagerCWE-79 6.1 Medium2025-12-30
CVE-2024-58336 Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure — Akuvox Smart DoorphoneCWE-306 5.3 Medium2025-12-30
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change — LAN ControllerCWE-862 9.8 Critical2025-12-30
CVE-2022-50796 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi — Impact/Pulse/FirstCWE-22 9.8 Critical2025-12-30
CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username — Impact/Pulse/FirstCWE-78 9.8 Critical2025-12-30
CVE-2022-50795 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via traceroute.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability — Impact/Pulse/FirstCWE-22 7.5 High2025-12-30
CVE-2022-50789 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure — Impact/Pulse/FirstCWE-306 7.5 High2025-12-30
CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting — Impact/Pulse/FirstCWE-79 7.2 High2025-12-30
CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory — Impact/Pulse/FirstCWE-548 7.5 High2025-12-30
CVE-2022-50695 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands — Impact/Pulse/FirstCWE-770 7.5 High2025-12-30
CVE-2022-50691 MiniDVBLinux 5.4 Remote Root Command Execution via commands.sh — MiniDVBLinuxCWE-78 9.8 Critical2025-12-30
CVE-2025-15355 NetVision Information|ISOinsight - Reflected Cross-site Scripting — ISOinsightCWE-79 6.1 Medium2025-12-30
CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation. — coturnCWE-338 7.7 High2025-12-30

Vulnerabilities classified as access:pre-auth represent 18835 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.