Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 18885

18885 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPublished
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 9.8 Critical2024-09-04
CVE-2024-7870 PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion — PixelYourSite – Your smart PIXEL (TAG) & API ManagerCWE-287 6.5 Medium2024-09-04
CVE-2024-8119 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04
CVE-2024-8117 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option — The Ultimate WordPress Toolkit – WP ExtendedCWE-79 6.1 Medium2024-09-04
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi — Viral Signup 9.8AICriticalAI2024-09-04
CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak — Sensei LMS 5.3AIMediumAI2024-09-04
CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation — WP Job Portal – AI-Powered Recruitment System for Company or Job Board websiteCWE-22 9.8 Critical2024-09-04
CVE-2024-7261 Zyxel多款产品 操作系统命令注入漏洞 — NWA1123ACv3 firmwareCWE-78 9.8 Critical2024-09-03
CVE-2024-42058 Zyxel多款产品 代码问题漏洞 — ATP series firmwareCWE-476 7.5 High2024-09-03
CVE-2024-42057 Zyxel多款产品 操作系统命令注入漏洞 — ATP series firmwareCWE-78 8.1 High2024-09-03
CVE-2024-5412 Zyxel VMG8825-T50K 安全漏洞 — VMG8825-T50K firmwareCWE-120 7.5 High2024-09-03
CVE-2024-7691 Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS — Flaming Forms 6.1AIMediumAI2024-09-02
CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79 6.1 Medium2024-08-31
CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79 6.1 Medium2024-08-31
CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting — Booking CalendarCWE-79 6.1 Medium2024-08-30
CVE-2024-8319 Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions — Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress PluginCWE-352 4.3 Medium2024-08-30
CVE-2024-39300 ELECOM WAB-I1750-PS 安全漏洞 — WAB-I1750-PS 7.5AIHighAI2024-08-30
CVE-2024-5024 MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters — MemberpressCWE-79 6.1 Medium2024-08-30
CVE-2024-8234 Zyxel NWA1100-N 操作系统命令注入漏洞 — NWA1100-N firmwareCWE-78 7.5 High2024-08-30
CVE-2024-6671 WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability — WhatsUp GoldCWE-89 9.8 Critical2024-08-29
CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability — WhatsUp GoldCWE-89 9.8 Critical2024-08-29
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure — Premium SEO Pack – WP SEO PluginCWE-200 5.3 Medium2024-08-29
CVE-2024-2541 Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File — Popup Builder – Create highly converting, mobile friendly marketing popups.CWE-200 5.3 Medium2024-08-29
CVE-2024-6551 GiveWP <= 3.15.1 - Unauthenticated Full Path Disclosure — GiveWP – Donation Plugin and Fundraising PlatformCWE-200 5.3 Medium2024-08-29
CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 5.3 Medium2024-08-29
CVE-2024-45043 OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability — opentelemetry-collector-contribCWE-200 5.3 Medium2024-08-28
CVE-2024-20446 Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-476 8.6 High2024-08-28
CVE-2024-8195 Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Permalink Manager LiteCWE-862 5.3 Medium2024-08-28
CVE-2024-6450 Reflected XSS in HyperView Geoportal Toolkit — Geoportal ToolkitCWE-79 6.1AIMediumAI2024-08-28
CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit — Geoportal ToolkitCWE-942 6.5AIMediumAI2024-08-28

Vulnerabilities classified as access:pre-auth represent 18885 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.