access:pre-auth: 18802 tagged CVE vulnerabilities

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34159 | llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend | llama.cpp | CWE-119 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-34076 | Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host | javascript | CWE-918 | 7.4 | High | 2026-04-01 |
| CVE-2026-34072 | cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution | cronmaster | CWE-287 | 8.3 | High | 2026-04-01 |
| CVE-2026-20160 | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability | Cisco Smart Software Manager On-Prem | CWE-668 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-20093 | Cisco Integrated Management Controller Authentication Bypass Vulnerability | Cisco Enterprise NFV Infrastructure Software | CWE-20 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-20085 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability | Cisco Enterprise NFV Infrastructure Software | CWE-79 | 6.1 | Medium | 2026-04-01 |
| CVE-2026-20041 | Cisco Nexus Dashboard Server Side Request Forgery Vulnerability | Cisco Nexus Dashboard | CWE-918 | 6.1 | Medium | 2026-04-01 |
| CVE-2026-2265 | Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization | Replicator | | 9.8 AI | Critical AI | 2026-04-01 |
| CVE-2026-33949 | @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files | tinacms | CWE-22 | 8.1 | High | 2026-04-01 |
| CVE-2026-34999 | OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access | OpenViking | CWE-306 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-35092 | Corosync: corosync: denial of service via integer overflow in join message validation | Red Hat Enterprise Linux 10 | CWE-190 | 7.5 | High | 2026-04-01 |
| CVE-2026-35091 | Corosync: corosync: denial of service and information disclosure via crafted udp packet | Red Hat Enterprise Linux 10 | CWE-253 | 8.2 | High | 2026-04-01 |
| CVE-2026-29014 | MetInfo CMS Unauthenticated PHP Code Injection RCE | MetInfo CMS | CWE-94 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-0932 | M-Files Server security vulnerability | M-Files Server | CWE-918 | 8.2 AI | High AI | 2026-04-01 |
| CVE-2026-4370 | Improper TLS Client/Server authentication and certificate verification on Database Cluster | Juju | CWE-295 | 10.0 | Critical | 2026-04-01 |
| CVE-2026-2696 | Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure | Export All URLs | | 7.5 AI | High AI | 2026-04-01 |
| CVE-2025-15484 | Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass | Order Notification for WooCommerce | | 9.1 AI | Critical AI | 2026-04-01 |
| CVE-2025-67805 | Sage DPW security vulnerability | n/a | | 5.9 | Medium | 2026-04-01 |
| CVE-2026-34605 | SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated ) | siyuan | CWE-79 | 6.1 | - | 2026-03-31 |
| CVE-2026-34453 | SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content | siyuan | CWE-863 | 7.5 | High | 2026-03-31 |
| CVE-2026-34733 | AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard | AVideo | CWE-284 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34732 | AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints | AVideo | CWE-306 | 5.3 | Medium | 2026-03-31 |
| CVE-2026-34731 | AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php | AVideo | CWE-306 | 7.5 | High | 2026-03-31 |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess | admidio | CWE-284 | 7.5 | High | 2026-03-31 |
| CVE-2026-1579 | PX4 Autopilot Missing authentication for critical function | Autopilot | CWE-306 | 9.8 | Critical | 2026-03-31 |
| CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | org.hl7.fhir.core | CWE-552 | 9.3 | Critical | 2026-03-31 |
| CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | org.hl7.fhir.core | CWE-918 | 5.8 | Medium | 2026-03-31 |
| CVE-2026-34240 | jose vulnerable to untrusted JWK header key acceptance during signature verification | jose | CWE-347 | 7.5 | High | 2026-03-31 |
| CVE-2026-34227 | Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface | sliver | CWE-306 | 8.8 AI | High AI | 2026-03-31 |
| CVE-2026-34573 | Parse Server: GraphQL complexity validator exponential fragment traversal DoS | parse-server | CWE-407 | 7.5 AI | High AI | 2026-03-31 |

18802 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.