access:pre-auth — CVE vulnerabilities tagged 18816

18816 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40245 | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication — free5gc, CWE-200 | 7.5 | High | 2026-04-15 |
| CVE-2026-40173 | Dgraph: Unauthenticated pprof endpoint leaks admin auth token — dgraph, CWE-200 | 9.4 | Critical | 2026-04-15 |
| CVE-2026-39857 | Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions — apostrophe, CWE-200 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API — apostrophe, CWE-863 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint — apostrophe, CWE-208 | 3.7 | Low | 2026-04-15 |
| CVE-2026-5189 | Nexus Repository 3 - Hardcoded Credential in Internal Database Component — Nexus Repository, CWE-798 | 9.8 | - | 2026-04-15 |
| CVE-2026-20059 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability — Cisco Unity Connection, CWE-79 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20060 | Cisco Unity Connection Open Redirect Vulnerability — Cisco Unity Connection, CWE-601 | 4.7 | Medium | 2026-04-15 |
| CVE-2026-20170 | Cisco Webex Contact Center Security Vulnerability — Cisco Webex Contact Center, CWE-80 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20184 | Cisco Webex Meetings Certificate Validation Vulnerability — Cisco Webex Meetings, CWE-295 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-20152 | Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability — Cisco Secure Web Appliance, CWE-305 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization — Pipeline Simulation 2025, CWE-862 | 9.8 | - | 2026-04-15 |
| CVE-2026-1852 | Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion — Product Pricing Table by WooBeWoo, CWE-352 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) — @fastify/express, CWE-436 | 9.1 | - | 2026-04-15 |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API — Accessibly – WordPress Website Accessibility, CWE-79 | 7.2 | High | 2026-04-15 |
| CVE-2026-1782 | MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' — MetForm Pro, CWE-20 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-4091 | OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery — OPEN-BRAIN, CWE-352 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-3461 | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email — Visa Acceptance Solutions, CWE-288 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-4002 | Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action — Petje.af, CWE-352 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-5694 | Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting — Quick Interest Slider, CWE-79 | 7.2 | High | 2026-04-15 |
| CVE-2026-6293 | Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter — Inquiry form to posts or pages, CWE-352 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-1555 | WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload — WebStack, CWE-434 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®), CWE-862 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-2834 | Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter — Age Verification & Identity Verification by Token of Trust, CWE-79 | 7.2 | High | 2026-04-15 |
| CVE-2026-30994 | Slah CMS Security Vulnerability — n/a | 7.5 | - | 2026-04-15 |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure — 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery, CWE-862 | 5.3 | Medium | 2026-04-14 |
| CVE-2026-35033 | Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection — jellyfin, CWE-88 | 7.5 | - | 2026-04-14 |
| CVE-2026-34457 | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode — oauth2-proxy, CWE-290 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-33146 | Docmost's Public Share Search Exposes Metadata of Restricted Children — docmost, CWE-285 | 4.3 | Medium | 2026-04-14 |
| CVE-2025-15565 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification — Nexi XPay, CWE-862 | 5.3 | Medium | 2026-04-14 |

Vulnerabilities classified as access:pre-auth represent 18816 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.