access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions — PraisonAI | CWE-306 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 7.2 | High | 2026-04-14 |
| CVE-2026-6264 | Critical Security fix for the Talend JobServer and Talend Runtime — Talend JobServer |  | 9.8 | Critical | 2026-04-14 |
| CVE-2026-4352 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter — JetEngine | CWE-89 | 7.5 | High | 2026-04-14 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-34257 | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAP | CWE-601 | 6.1 | Medium | 2026-04-14 |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) — SAP NetWeaver Application Server Java (Web Dynpro Java) | CWE-94 | 6.1 | Medium | 2026-04-14 |
| CVE-2026-24318 | Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | CWE-539 | 4.2 | Medium | 2026-04-14 |
| CVE-2026-0512 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) — SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | CWE-79 | 6.1 | Medium | 2026-04-14 |
| CVE-2025-65133 | School-Management-System security vulnerability — n/a |  | 7.5 | - | 2026-04-14 |
| CVE-2026-34069 | nimiq-consensus panics via RequestMacroChain micro-block locator — core-rs-albatross | CWE-617 | 5.3 | Medium | 2026-04-13 |
| CVE-2026-6220 | HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery — HummerRisk | CWE-918 | 4.7 | Medium | 2026-04-13 |
| CVE-2026-32271 | Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget — commerce | CWE-89 | 8.8 | - | 2026-04-13 |
| CVE-2026-32270 | Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments — commerce | CWE-200 | 5.3 | - | 2026-04-13 |
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution — Pachno | CWE-502 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection — Pachno | CWE-403 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-4810 | Remote Code Execution in Google Agent Development Kit (ADK) — Agent Development Kit (ADK) | CWE-306 | 9.8 | - | 2026-04-13 |
| CVE-2026-0233 | Autonomous Digital Experience Manager: Improper validation of ADEM certificate — Autonomous Digital Experience Manager | CWE-295 | 8.8 | - | 2026-04-13 |
| CVE-2026-0234 | Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration — Cortex XSOAR Microsoft Teams Marketplace | CWE-347 | 9.1 | - | 2026-04-13 |
| CVE-2026-3830 | Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi — Product Filter for WooCommerce by WBW |  | 9.8 | - | 2026-04-13 |
| CVE-2026-6161 | code-projects Simple ChatBox Endpoint insert.php sql injection — Simple ChatBox | CWE-89 | 7.3 | High | 2026-04-13 |
| CVE-2019-25709 | CF Image Hosting Script 1.6.5 Unauthorized Database Access — CF Image Hosting Script | CWE-552 | 9.8 | Critical | 2026-04-12 |
| CVE-2019-25706 | Across DR-810 ROM-0 Unauthenticated File Disclosure — DR-810 | CWE-538 | 7.5 | High | 2026-04-12 |
| CVE-2019-25697 | CMSsite 1.0 SQL Injection via category.php — CMSsite | CWE-89 | 8.2 | High | 2026-04-12 |
| CVE-2026-31845 | Rukovoditel CRM security vulnerability — Rukovoditel CRM | CWE-79 | 9.3 | Critical | 2026-04-11 |
| CVE-2026-5217 | Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter — Optimole – Optimize Images in Real Time | CWE-79 | 7.2 | High | 2026-04-11 |
| CVE-2026-5226 | Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL — Optimole – Optimize Images in Real Time | CWE-79 | 6.1 | Medium | 2026-04-11 |
| CVE-2026-4156 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability — Home Flex | CWE-121 | 8.8 (AI) | High (AI) | 2026-04-11 |
| CVE-2026-4149 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability — Era 300 | CWE-119 | 9.8 | - | 2026-04-11 |
| CVE-2026-5724 | Missing Authentication on Streaming gRPC Replication Endpoint — temporal | CWE-306 | 5.9 | - | 2026-04-10 |

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.