access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-0718 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification — Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX CWE-862 | 5.3 | Medium | 2026-04-16 |
| CVE-2025-14868 | Career Section <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion — Career Section CWE-22 | 8.8 | High | 2026-04-16 |
| CVE-2026-3876 | Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode — Prismatic CWE-79 | 7.2 | High | 2026-04-16 |
| CVE-2026-3355 | Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' — Customer Reviews for WooCommerce CWE-79 | 6.1 | Medium | 2026-04-16 |
| CVE-2026-3581 | Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update — Basic Google Maps Placemarks CWE-862 | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3599 | Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data — Riaxe Product Customizer CWE-89 | 7.5 | High | 2026-04-16 |
| CVE-2026-5050 | Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation — Payment Gateway for Redsys & WooCommerce Lite CWE-347 | 7.5 | High | 2026-04-16 |
| CVE-2026-3595 | Riaxe Product Customizer <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter — Riaxe Product Customizer CWE-862 | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3596 | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action — Riaxe Product Customizer CWE-862 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-4032 | CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode — CodeColorer CWE-79 | 6.1 | Medium | 2026-04-16 |
| CVE-2026-6351 | Openfind\|MailGates/MailAudit - CRLF Injection — MailGates CWE-93 | 7.5 | High | 2026-04-16 |
| CVE-2026-6350 | Openfind\|MailGates/MailAudit - Stack-based Buffer Overflow — MailGates CWE-121 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-6349 | HGiga\|iSherlock - OS Command Injection — iSherlock-base-4.5 CWE-78 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-37100 | Yamaha SR-B30A security vulnerability — n/a | 8.1 AI | High AI | 2026-04-16 |
| CVE-2026-30459 | FUEL CMS security vulnerability — n/a | 8.1 AI | High AI | 2026-04-16 |
| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication — Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) CWE-269 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-40245 | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication — free5gc CWE-200 | 7.5 | High | 2026-04-15 |
| CVE-2026-40173 | Dgraph: Unauthenticated pprof endpoint leaks admin auth token — dgraph CWE-200 | 9.4 | Critical | 2026-04-15 |
| CVE-2026-39857 | Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions — apostrophe CWE-200 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API — apostrophe CWE-863 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint — apostrophe CWE-208 | 3.7 | Low | 2026-04-15 |
| CVE-2026-5189 | Nexus Repository 3 - Hardcoded Credential in Internal Database Component — Nexus Repository CWE-798 | 9.8 | - | 2026-04-15 |
| CVE-2026-20059 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability — Cisco Unity Connection CWE-79 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20060 | Cisco Unity Connection Open Redirect Vulnerability — Cisco Unity Connection CWE-601 | 4.7 | Medium | 2026-04-15 |
| CVE-2026-20170 | Cisco Webex Contact Center security vulnerability — Cisco Webex Contact Center CWE-80 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20184 | Cisco Webex Meetings Certificate Validation Vulnerability — Cisco Webex Meetings CWE-295 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-20152 | Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability — Cisco Secure Web Appliance CWE-305 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization — Pipeline Simulation 2025 CWE-862 | 9.8 | - | 2026-04-15 |
| CVE-2026-1852 | Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion — Product Pricing Table by WooBeWoo CWE-352 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) — @fastify/express CWE-436 | 9.1 | - | 2026-04-15 |

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.