access:pre-auth — CVE vulnerabilities tagged 18839

18839 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-42893 | Open Redirect vulnerability in SAP Business Connector | SAP Business Connector | CWE-601 | 6.1 | Medium | 2025-11-11 |
| CVE-2025-42886 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | SAP Business Connector | CWE-79 | 6.1 | Medium | 2025-11-11 |
| CVE-2025-42885 | Missing authentication in SAP HANA 2.0 (hdbrss) | SAP HANA 2.0 (hdbrss) | CWE-306 | 5.8 | Medium | 2025-11-11 |
| CVE-2025-42884 | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal | CWE-943 | 6.5 | Medium | 2025-11-11 |
| CVE-2021-4462 | Employee Records System v1.0 Arbitrary File Upload RCE | Employee Records System | CWE-434 | 9.8 | - | 2025-11-10 |
| CVE-2018-25124 | PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI | PacsOne Server | CWE-22 | 7.5 | - | 2025-11-10 |
| CVE-2025-64513 | Milvus Proxy has Critical Authentication Bypass Vulnerability | milvus | CWE-287 | 9.8 | - | 2025-11-10 |
| CVE-2025-43723 | Dell PowerScale OneFS cryptographic issue vulnerability | PowerScale OneFS | CWE-327 | 5.9 | Medium | 2025-11-10 |
| CVE-2025-41731 | Jumo: Insufficient entropy in PRNG may lead to root access | variTRON300 | CWE-338 | 7.4 | High | 2025-11-10 |
| CVE-2025-12868 | CyberTutor\|New Site Server - Use of Client-Side Authentication | New Site Server | CWE-603 | 9.8 | Critical | 2025-11-10 |
| CVE-2025-12866 | Hundred Plus\|EIP Plus - Weak Password Recovery Mechanism | EIP Plus | CWE-640 | 9.8 | Critical | 2025-11-10 |
| CVE-2025-12098 | Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' | Academy LMS Pro | CWE-200 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-12193 | Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting | Mang Board WP | CWE-79 | 6.1 | Medium | 2025-11-08 |
| CVE-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization | Ovatheme Events Manager | CWE-862 | 6.5 | Medium | 2025-11-08 |
| CVE-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export | Course Booking System | CWE-862 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | CWE-639 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage | WP2Social Auto Publish | CWE-79 | 6.1 | Medium | 2025-11-08 |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | Download Manager | CWE-321 | 5.3 | Medium | 2025-11-08 |
| CVE-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection | Asgaros Forum | CWE-89 | 7.5 | High | 2025-11-08 |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page | SuiteCRM | CWE-79 | 6.1 | Medium | 2025-11-08 |
| CVE-2025-10230 | Samba: command injection in wins server hook script | | CWE-78 | 10.0 | Critical | 2025-11-07 |
| CVE-2025-34299 | Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload | Monsta FTP | CWE-434 | 9.8 | - | 2025-11-07 |
| CVE-2025-12352 | Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' | Gravity Forms | CWE-434 | 9.8 | Critical | 2025-11-07 |
| CVE-2025-5483 | LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation | Connector Wizard (formerly LC Wizard) | CWE-862 | 8.1 | High | 2025-11-07 |
| CVE-2025-11546 | NEC EXPRESSCLUSTER X and NEC EXPRESSCLUSTER X SingleServerSafe security vulnerability | CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux) | CWE-78 | 6.5 | - | 2025-11-07 |
| CVE-2025-64173 | Apollo Router Core: Access Control Bypass on Polymorphic Types | router | CWE-288 | 7.5 | High | 2025-11-06 |
| CVE-2022-50590 | SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality | SuiteCRM | CWE-843 | 7.5 | - | 2025-11-06 |
| CVE-2022-50589 | SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality | SuiteCRM | CWE-89 | 9.8 | - | 2025-11-06 |
| CVE-2022-50596 | D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection | DIR-1260 | CWE-78 | 9.8 | - | 2025-11-06 |
| CVE-2025-36054 | Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - | Business Automation Workflow containers | CWE-79 | 6.1 | Medium | 2025-11-06 |

Vulnerabilities classified as access:pre-auth represent 18839 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.