access:pre-auth — CVE vulnerabilities tagged 18816

18816 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15473 | Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update — Timetics | 5.3 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action — My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) CWE-89 | 7.5 | High | 2026-03-12 |
| CVE-2026-25819 | HMS Cosy+ and HMS Ewon Flexy security vulnerability — n/a | 7.5 | - | 2026-03-12 |
| CVE-2026-25823 | HMS Ewon Flexy and HMS Networks HMS Cosy+ security vulnerability — n/a | 9.8 | - | 2026-03-12 |
| CVE-2026-32136 | AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass — AdGuardHome CWE-287 | 9.8 | Critical | 2026-03-11 |
| CVE-2026-32130 | ZITADEL SCIM Authentication Bypass via URL Encoding — zitadel CWE-288 | 7.5 | High | 2026-03-11 |
| CVE-2026-32111 | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcp CWE-918 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-32096 | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunk CWE-918 | 9.3 | Critical | 2026-03-11 |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint — core CWE-204 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint — core CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31881 | Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window — runtipi CWE-306 | 7.7 | High | 2026-03-11 |
| CVE-2019-25487 | SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd — RB-1732 CWE-639 | 9.8 | Critical | 2026-03-11 |
| CVE-2019-25486 | Varient 1.6.1 SQL Injection via user_id Parameter — Varient SQL Inj. CWE-89 | 8.2 | High | 2026-03-11 |
| CVE-2019-25480 | ARMBot Unrestricted File Upload via upload.php — ARMBot CWE-22 | 7.5 | High | 2026-03-11 |
| CVE-2019-25472 | IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile — Telefone IP TIP 200 CWE-73 | 7.5 | High | 2026-03-11 |
| CVE-2019-25468 | NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp — NetGain EM Plus CWE-94 | 9.8 | Critical | 2026-03-11 |
| CVE-2019-25465 | Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal — HiIpcam CWE-260 | 7.5 | High | 2026-03-11 |
| CVE-2018-25159 | Epross AVCON6 OGNL Remote Code Execution via login.action — AVCON6 systems management platform CWE-1334 | 9.8 | Critical | 2026-03-11 |
| CVE-2026-31874 | Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration — Taskosaur CWE-284 | 9.8 | Critical | 2026-03-11 |
| CVE-2026-20118 | Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability — Cisco IOS XR Software CWE-460 | 6.8 | Medium | 2026-03-11 |
| CVE-2026-20117 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express CWE-79 | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20116 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express CWE-79 | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20074 | Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability — Cisco IOS XR Software CWE-1287 | 7.4 | High | 2026-03-11 |
| CVE-2025-13929 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab CWE-770 | 7.5 | High | 2026-03-11 |
| CVE-2025-14513 | Improper Validation of Specified Quantity in Input in GitLab — GitLab CWE-1284 | 7.5 | High | 2026-03-11 |
| CVE-2026-1069 | Uncontrolled Recursion in GitLab — GitLab CWE-674 | 7.5 | High | 2026-03-11 |
| CVE-2026-27897 | Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF) — Vociferous CWE-22 | 10.0 | Critical | 2026-03-11 |
| CVE-2026-3013 | Path Traversal in Coppermine Photo Gallery — Coppermine Photo Gallery CWE-22 | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-30903 | Zoom Workplace security vulnerability — Zoom Workplace CWE-73 | 9.6 | Critical | 2026-03-11 |
| CVE-2026-32062 | OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream — openclaw CWE-770 | 7.5 | High | 2026-03-11 |

Vulnerabilities classified as access:pre-auth represent 18816 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.