access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID | Title | CVSS | Severity | Paused
CVE-2026-26354 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain CWE-121 | 8.1 | High | 2026-04-22
CVE-2026-4922 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab CWE-352 | 8.1 | High | 2026-04-22
CVE-2026-5262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab CWE-79 | 8.0 | High | 2026-04-22
CVE-2026-5816 | Improper Resolution of Path Equivalence in GitLab — GitLab CWE-41 | 8.0 | High | 2026-04-22
CVE-2018-25270 | ThinkPHP 5.0.23 Remote Code Execution via invokefunction — ThinkPHP CWE-639 | 9.8 | Critical | 2026-04-22
CVE-2026-5749 | Inadequate access control vulnerability in Fullstep — Fullstep CWE-306 | 7.5 AI | High AI | 2026-04-22
CVE-2026-41651 | PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root — PackageKit CWE-367 | 8.8 | High | 2026-04-22
CVE-2026-4138 | DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update — DX Unanswered Comments CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-6294 | Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page — Google PageRank Display CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-4121 | Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update — Kcaptcha CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-6235 | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests — Sendmachine for WordPress CWE-862 | 9.8 | Critical | 2026-04-22
CVE-2026-4090 | Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form — Inquiry cart CWE-352 | 6.1 | Medium | 2026-04-22
CVE-2026-4118 | Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update — Call To Action Plugin CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-4139 | mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function — mCatFilter CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-6396 | Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action — Fast & Fancy Filter – 3F CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-4140 | Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action — Ni WooCommerce Order Export CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-4133 | TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update — TextP2P Texting Widget CWE-352 | 4.3 | Medium | 2026-04-22
CVE-2026-4131 | WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter — WP Responsive Popup + Optin CWE-352 | 6.1 | Medium | 2026-04-22
CVE-2026-6835 | aEnrich|a+HCM - Arbitrary File Upload — a+HCM CWE-434 | 6.1 | Medium | 2026-04-22
CVE-2026-41458 | OwnTone Server < 29.1 Race Condition DoS via DAAP Login — owntone-server CWE-362 | 5.9 AI | Medium AI | 2026-04-22
CVE-2026-41135 | free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service — pcf CWE-400 | 7.5 | High | 2026-04-21
CVE-2026-41130 | Craft CMS has a host header injection leading to SSRF via resource-js endpoint — cms CWE-918 | 10.0 AI | Critical AI | 2026-04-21
CVE-2026-40575 | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing — oauth2-proxy CWE-290 | 9.1 | Critical | 2026-04-21
CVE-2026-41059 | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex — oauth2-proxy CWE-288 | 8.2 | High | 2026-04-21
CVE-2026-40935 | WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure — AVideo CWE-804 | 5.3 | Medium | 2026-04-21
CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack — Enterprise Server CWE-918 | 7.5 AI | High AI | 2026-04-21
CVE-2026-35245 | Oracle VM VirtualBox security vulnerability — Oracle VM VirtualBox | 7.5 | High | 2026-04-21
CVE-2026-35231 | Oracle Financial Services Transaction Filtering security vulnerability — Oracle Financial Services Transaction Filtering | 7.5 | High | 2026-04-21
CVE-2026-35229 | Oracle Database Server security vulnerability — Oracle Database Server | 7.5 | High | 2026-04-21
CVE-2026-34323 | Oracle Life Sciences InForm security vulnerability — Oracle Life Sciences InForm | 6.3 | Medium | 2026-04-21

18802 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.