access:pre-auth — CVE vulnerabilities tagged 18839

18839 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66255 | Unauthenticated Arbitrary File Upload (upgrade_contents.php) — Mozart FM Transmitter, CWE-345 | 9.1 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-66254 | Unauthenticated Arbitrary File Deletion (upgrade_contents.php) — Mozart FM Transmitter, CWE-73 | 8.1 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-66253 | Unauthenticated OS Command Injection (start_upgrade.php) — Mozart FM Transmitter, CWE-78 | 8.8 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-66251 | Unauthenticated Path Traversal with Arbitrary File Deletion — Mozart FM Transmitter, CWE-22 | 6.5 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-66250 | Unauthenticated Arbitrary File Upload (status_contents.php) — Mozart FM Transmitter, CWE-434 | 9.8 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-65276 | hashtech security vulnerability — n/a | 9.8 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-65278 | GroceryMart security vulnerability — n/a | 9.1 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-13597 | AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload — AI Feeds, CWE-434 | 9.8 | Critical | 2025-11-25 |
| CVE-2025-13595 | CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload — CIBELES AI, CWE-434 | 9.8 | Critical | 2025-11-25 |
| CVE-2025-12816 | CVE-2025-12816 — node-forge | 7.5 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-34350 | UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read — UnForm Server, CWE-22 | 7.5 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-13483 | Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA) — SMART Alert (SiSA, CWE-306 | 9.4 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-0248 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability, — iNotes, CWE-20 | 8.1 | High | 2025-11-25 |
| CVE-2025-12003 | ASUS Router security vulnerability — Router, CWE-306 | 9.1 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-12587 | Peer Publish <= 1.0 - Cross-Site Request Forgery — Peer Publish, CWE-352 | 4.3 | Medium | 2025-11-25 |
| CVE-2025-13386 | Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion — Social Images Widget, CWE-862 | 5.3 | Medium | 2025-11-25 |
| CVE-2025-12525 | Locker Content <= 1.0.0 - Unauthenticated Information Exposure — Locker Content, CWE-200 | 5.3 | Medium | 2025-11-25 |
| CVE-2025-13389 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure — Admin and Customer Messages After Order for WooCommerce: OrderConvo, CWE-639 | 5.3 | Medium | 2025-11-25 |
| CVE-2025-12040 | Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation — Wishlist for WooCommerce, CWE-639 | 6.5 | Medium | 2025-11-25 |
| CVE-2025-12586 | Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery — Conditionnal Maintenance Mode for WordPress, CWE-352 | 4.3 | Medium | 2025-11-25 |
| CVE-2025-13452 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages — Admin and Customer Messages After Order for WooCommerce: OrderConvo, CWE-639 | 4.3 | Medium | 2025-11-25 |
| CVE-2025-13383 | Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage — Job Board by BestWebSoft, CWE-79 | 6.1 | Medium | 2025-11-25 |
| CVE-2025-13414 | Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export — Chamber Dashboard Business Directory, CWE-862 | 5.3 | Medium | 2025-11-25 |
| CVE-2025-12043 | Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update — Autochat Automatic Conversation, CWE-862 | 5.3 | Medium | 2025-11-25 |
| CVE-2025-64693 | Intercom MaLion Security Point security vulnerability — Security Point (Windows) of MaLion, CWE-122 | 9.8 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-62691 | Intercom MaLion Security Point security vulnerability — Security Point (Windows) of MaLion, CWE-121 | 9.8 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-13068 | Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username — Telegram Bot & Channel, CWE-79 | 7.2 | High | 2025-11-25 |
| CVE-2025-13559 | EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation — EduKart Pro, CWE-269 | 9.8 | Critical | 2025-11-25 |
| CVE-2025-64304 | FujiTelevison FOD app security vulnerability — "FOD" App for Android, CWE-321 | 5.5 (AI) | Medium (AI) | 2025-11-25 |
| CVE-2025-6389 | Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback — Sneeit Framework, CWE-94 | 9.8 | Critical | 2025-11-25 |

Vulnerabilities classified as access:pre-auth represent 18839 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.