Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18839

18839 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution — QiHang Media Web Digital SignageCWE-434 9.8AICriticalAI2025-12-10
CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure — QiHang Media Web Digital SignageCWE-522 8.4AIHighAI2025-12-10
CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure — i-Media Server Digital SignageCWE-639 9.8AICriticalAI2025-12-10
CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability — i-Media Server Digital SignageCWE-306 9.8AICriticalAI2025-12-10
CVE-2020-36893 Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability — i-Media Server Digital SignageCWE-22 7.5AIHighAI2025-12-10
CVE-2020-36892 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation — i-Media Server Digital SignageCWE-306 9.8AICriticalAI2025-12-10
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure — Fusion Digital SignageCWE-312 7.5AIHighAI2025-12-10
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF — BrightSign Digital Signage Diagnostic Web ServerCWE-918 5.3AIMediumAI2025-12-10
CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. — Pega InfinityCWE-204 5.3 Medium2025-12-10
CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure — Zoom RoomsCWE-693 7.8 High2025-12-10
CVE-2025-67635 Jenkins 安全漏洞 — Jenkins 7.5AIHighAI2025-12-10
CVE-2025-34395 Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE — RMMCWE-22 9.1AICriticalAI2025-12-10
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server — LIVE PRO 2 TWSCWE-306 8.8 High2025-12-10
CVE-2025-13184 Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password — X5000R's (AX1800 router) 9.8AICriticalAI2025-12-10
CVE-2025-41732 Stack-based buffer overflow via unsafe sscanf in check_cookie() — Indsutrial-Managed-SwitchesCWE-121 9.8 Critical2025-12-10
CVE-2025-41730 Stack-based buffer overflow via unsafe sscanf in check_account() — Indsutrial-Managed-SwitchesCWE-121 9.8 Critical2025-12-10
CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload — Video MerchantCWE-434 8.8 High2025-12-10
CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series — MXsecurity SeriesCWE-915 9.4AICriticalAI2025-12-10
CVE-2025-13339 Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read — Hippoo Mobile App for WooCommerceCWE-22 7.5 High2025-12-10
CVE-2025-13613 Elated Membership <= 1.2 - Authentication Bypass via Social Login — Elated MembershipCWE-289 9.8 Critical2025-12-10
CVE-2025-65824 Meatmeet Pro BBQ Thermometer 安全漏洞 — n/a 7.5AIHighAI2025-12-10
CVE-2025-65828 Meatmeet Pro BBQ Thermometer 安全漏洞 — n/a 6.5AIMediumAI2025-12-10
CVE-2025-67495 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login — zitadelCWE-79 8.0 High2025-12-09
CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login — zitadelCWE-918 9.3 Critical2025-12-09
CVE-2023-53773 MiniDVBLinux 5.4 Unauthenticated Live Stream Disclosure via tv_action.sh — MiniDVBLinuxCWE-306 6.5AIMediumAI2025-12-09
CVE-2023-53771 MiniDVBLinux 5.4 Unauthenticated Root Password Change via System Setup — MiniDVBLinux Change Root Password PoCCWE-306 9.8AICriticalAI2025-12-09
CVE-2023-53770 MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint — MiniDVBLinux(TM) Distribution (MLD)CWE-260 9.1AICriticalAI2025-12-09
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure — Tinycontrol LAN Controller vCWE-260 9.1AICriticalAI2025-12-09
CVE-2021-47730 Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation — Selea Targa IP OCR-ANPR CameraCWE-352 8.8AIHighAI2025-12-09
CVE-2021-47728 Selea Targa IP Camera Remote Code Execution via Utils — Selea Targa IP OCR-ANPR CameraCWE-78 9.8AICriticalAI2025-12-09

Vulnerabilities classified as access:pre-auth represent 18839 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.