Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18867

18867 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload — WebCTRLCWE-434 9.8AICriticalAI2024-11-21
CVE-2024-28892 GoCast 操作系统命令注入漏洞 — GoCastCWE-78 9.8 Critical2024-11-21
CVE-2024-29224 GoCast 操作系统命令注入漏洞 — GoCastCWE-78 9.8 Critical2024-11-21
CVE-2024-21855 GoCast 访问控制错误漏洞 — GoCastCWE-306 9.8 Critical2024-11-21
CVE-2024-11088 Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor — Simple MembershipCWE-200 5.3 Medium2024-11-21
CVE-2024-11089 Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Anonymous Restricted ContentCWE-200 5.3 Medium2024-11-21
CVE-2024-10792 Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting — WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click UpsellCWE-79 6.1 Medium2024-11-21
CVE-2024-10675 affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting — affiliate-toolkit – Multi-Network Affiliate & Amazon Product DisplayCWE-79 6.1 Medium2024-11-21
CVE-2024-11371 Theater for WordPress <= 0.18.6.2 - Reflected Cross-Site Scripting — Theater for WordPressCWE-79 6.1 Medium2024-11-21
CVE-2024-11456 Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting — Run Contests, Raffles, and Giveaways with ContestsWPCWE-79 6.1 Medium2024-11-21
CVE-2024-10400 Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter — Tutor LMS – eLearning and online course solutionCWE-89 7.5 High2024-11-21
CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting — WPAdverts – Classifieds PluginCWE-79 6.1 Medium2024-11-21
CVE-2024-10393 Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration — Tutor LMS – eLearning and online course solutionCWE-284 5.3 Medium2024-11-21
CVE-2024-11334 My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export — My Contador lesrCWE-862 4.3 Medium2024-11-21
CVE-2024-10788 Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context — Activity Log – Monitor & Record User ChangesCWE-79 7.2 High2024-11-21
CVE-2024-10623 ForumEngine <= 1.8 - Reflected Cross-Site Scripting — ForumEngineCWE-79 6.1 Medium2024-11-21
CVE-2024-9371 Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting — Branda – White Label & Branding, Free Login Page CustomizerCWE-79 6.1 Medium2024-11-21
CVE-2024-11365 Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting — Crypto and DeFi Widgets – Web3 Cryptocurrency ShortcodesCWE-79 6.1 Medium2024-11-21
CVE-2024-11416 WIP Incoming Lite <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WIP Incoming LiteCWE-352 6.1 Medium2024-11-21
CVE-2024-11360 Page Parts <= 1.4.3 - Reflected Cross-Site Scripting — Page PartsCWE-79 6.1 Medium2024-11-21
CVE-2024-10522 Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter — Co-marquage service-public.frCWE-79 6.1 Medium2024-11-21
CVE-2024-11435 salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting — salavat counter PluginCWE-79 6.1 Medium2024-11-21
CVE-2024-10726 Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Friendly Functions for WelcartCWE-352 6.1 Medium2024-11-21
CVE-2024-11370 Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting — Subaccounts for WooCommerceCWE-79 6.1 Medium2024-11-21
CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting — Announcement & Notification Banner – BulletinCWE-79 6.1 Medium2024-11-21
CVE-2024-11447 Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting — Community by PeepSo – Download from PeepSo.comCWE-79 6.1 Medium2024-11-21
CVE-2024-10913 Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' — CloneCWE-502 8.8 High2024-11-20
CVE-2024-10520 WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time TrackerCWE-862 5.3 Medium2024-11-20
CVE-2024-11494 Zyxel P-6101C 授权问题漏洞 — P-6101C firmwareCWE-287 7.5 High2024-11-20
CVE-2024-47865 Rakuten Turbo 5G 安全漏洞 — Rakuten Turbo 5GCWE-306 5.3 Medium2024-11-20

Vulnerabilities classified as access:pre-auth represent 18867 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.