Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs — MattermostCWE-754 4.3 Medium2026-03-25
CVE-2026-26233 Denial of Service via HTTP/2 single packet attack on login endpoint — MattermostCWE-400 4.3 Medium2026-03-25
CVE-2026-20113 Cisco IOS XE Software 注入漏洞 — Cisco IOS XE SoftwareCWE-93 5.3 Medium2026-03-25
CVE-2026-20115 Cisco IOS XE Software 安全漏洞 — Cisco IOS XE SoftwareCWE-319 6.1 Medium2026-03-25
CVE-2026-20104 Cisco多款产品 安全漏洞 — Cisco IOS XE SoftwareCWE-124 6.1 Medium2026-03-25
CVE-2026-20004 Cisco IOS XE Software 安全漏洞 — Cisco IOS XE SoftwareCWE-771 7.4 High2026-03-25
CVE-2024-58341 OpenCart Core 4.0.2.3 SQL Injection via search Parameter — OpenCart CoreCWE-89 8.2 High2026-03-25
CVE-2026-20012 Cisco多款产品 安全漏洞 — IOSCWE-401 8.6 High2026-03-25
CVE-2026-20086 Cisco IOS XE Wireless Controller software 安全漏洞 — Cisco IOS XE SoftwareCWE-230 8.6 High2026-03-25
CVE-2026-20084 Cisco IOS XE Software 资源管理错误漏洞 — Cisco IOS XE SoftwareCWE-400 8.6 High2026-03-25
CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store — LinesCWE-400 6.5 Medium2026-03-25
CVE-2026-23375 mm: thp: deny THP for files on anonymous inodes — Linux 5.5 -2026-03-25
CVE-2026-32326 SHARP多款产品 访问控制错误漏洞 — home 5G HR01CWE-306 9.1 -2026-03-25
CVE-2024-51348 BS Producten Petcam 安全漏洞 — n/a 8.8 -2026-03-25
CVE-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit — minioCWE-204 9.8 -2026-03-24
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad — pyloadCWE-639 8.2 -2026-03-24
CVE-2026-33314 pyload-ng: Improper Authentication and Origin Validation Error — pyloadCWE-287 6.5 Medium2026-03-24
CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands — astroCWE-770 5.9 Medium2026-03-24
CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation — ZabbixCWE-470 9.8 -2026-03-24
CVE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers — parse-serverCWE-400 7.5 -2026-03-24
CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline — parse-serverCWE-674 7.5 -2026-03-24
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller — Mosaic Show ControllerCWE-306 9.8 -2026-03-24
CVE-2026-33323 Parse Server: Email verification resend page leaks user existence — parse-serverCWE-204 5.3 -2026-03-24
CVE-2026-33160 Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL — cmsCWE-639 5.3 -2026-03-24
CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users — cmsCWE-306 8.6 -2026-03-24
CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint — lollms-webuiCWE-306 9.1 Critical2026-03-24
CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads — langflowCWE-284 7.5 High2026-03-24
CVE-2026-33475 Langflow GitHub Actions Shell Injection — langflowCWE-74 9.1 Critical2026-03-24
CVE-2019-25643 eNdonesia Portal v8.7 SQL Injection via banners.php — eNdonesia PortalCWE-89 8.2 High2026-03-24
CVE-2019-25642 Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules — Bootstrapy CMSCWE-89 8.2 High2026-03-24

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.