access:pre-auth — CVE vulnerabilities tagged (18802)

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) — siyuan (CWE-79) | 9.3 | Critical | 2026-03-20 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config — Anchorr (CWE-79) | 9.7 | Critical | 2026-03-20 |
| CVE-2026-21992 | Oracle Identity Manager security vulnerability — Oracle Identity Manager | 9.8 | Critical | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection — DIR-513 (CWE-78) | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion — admidio (CWE-862) | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') — ewe (CWE-825) | 7.5 | High | 2026-03-20 |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution — Xerte Online Toolkits (CWE-306) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33368 | Zimbra Collaboration Suite (ZCS) security vulnerability — n/a | 6.1 | - | 2026-03-20 |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow — filebrowser (CWE-284) | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin — filebrowser (CWE-269) | 9.8 | - | 2026-03-19 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module — SuiteCRM (CWE-90) | 8.8 | High | 2026-03-19 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture — SuiteCRM (CWE-601) | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions — admidio (CWE-352) | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32041 | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap — OpenClaw (CWE-306) | 6.9 | Medium | 2026-03-19 |
| CVE-2026-32011 | OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing — OpenClaw (CWE-770) | 7.5 | High | 2026-03-19 |
| CVE-2026-30871 | OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query — openwrt (CWE-121) | 10.0 | - | 2026-03-19 |
| CVE-2026-32815 | SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure — siyuan (CWE-287) | 9.1 | - | 2026-03-19 |
| CVE-2026-32754 | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) — freescout (CWE-79) | 9.3 | Critical | 2026-03-19 |
| CVE-2026-32194 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images (CWE-77) | 9.8 | Critical | 2026-03-19 |
| CVE-2026-24299 | M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot (CWE-77) | 5.3 | Medium | 2026-03-19 |
| CVE-2026-26120 | Microsoft Bing Tampering Vulnerability — Microsoft Bing (CWE-918) | 6.5 | Medium | 2026-03-19 |
| CVE-2026-23658 | Azure DevOps: msazure Elevation of Privilege Vulnerability — Azure DevOps: msazure (CWE-522) | 8.6 | High | 2026-03-19 |
| CVE-2026-26138 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview (CWE-918) | 8.6 | High | 2026-03-19 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images (CWE-78) | 9.8 | Critical | 2026-03-19 |
| CVE-2026-26139 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview (CWE-918) | 8.6 | High | 2026-03-19 |
| CVE-2026-30836 | Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) — certificates (CWE-287) | 10.0 | Critical | 2026-03-19 |
| CVE-2026-27953 | ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor — ormar (CWE-915) | 7.1 | High | 2026-03-19 |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path — wolfSSL (CWE-191) | 7.5 | - | 2026-03-19 |
| CVE-2026-32867 | OPEXUS eComplaint unauthenticated file upload — eComplaint (CWE-639) | 5.4 | Medium | 2026-03-19 |
| CVE-2026-4424 | Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing — Red Hat Enterprise Linux 10 (CWE-125) | 7.5 | High | 2026-03-19 |

18802 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.