access:pre-auth 类型相关 19002 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2023-33987 | SAP Web Dispatcher 环境问题漏洞 — SAP Web DispatcherCWE-444 | 8.6 | High | 2023-07-11 |
| CVE-2023-31405 | SAP NetWeaver 安全漏洞 — SAP NetWeaver AS for Java (Log Viewer)CWE-117 | 5.3 | Medium | 2023-07-11 |
| CVE-2023-2079 | WordPress Plugin Buy Me a Coffee – Button and Widget 跨站请求伪造漏洞 — Buy Me a Coffee – Button and Widget PluginCWE-352 | 7.1 | High | 2023-07-11 |
| CVE-2023-24489 | Citrix Systems Content Collaboration 安全漏洞 — Citrix ShareFile Storage Zones ControllerCWE-284 | 9.8 | Critical | 2023-07-10 |
| CVE-2023-3219 | WordPress plugin EventON 安全漏洞 — EventON | 7.5 | - | 2023-07-10 |
| CVE-2023-1597 | WordPress plugin tagDiv Cloud Library 安全漏洞 — tagDiv Cloud Library | 9.1 | - | 2023-07-10 |
| CVE-2023-2495 | WordPress plugin Greeklish-permalink 安全漏洞 — Greeklish-permalink | 6.5 | - | 2023-07-10 |
| CVE-2023-3077 | WordPress plugin MStore API SQL注入漏洞 — MStore API | 9.8 | - | 2023-07-10 |
| CVE-2023-2796 | WordPress plugin EventON 安全漏洞 — EventON | 5.3 | - | 2023-07-10 |
| CVE-2023-35699 | SICK ICR890-4 安全漏洞 — ICR890-4CWE-313 | 5.3 | Medium | 2023-07-10 |
| CVE-2023-35696 | SICK ICR890-4 安全漏洞 — ICR890-4CWE-668 | 7.5 | High | 2023-07-10 |
| CVE-2023-3273 | SICK ICR890-4 安全漏洞 — ICR890-4CWE-284 | 7.5 | High | 2023-07-10 |
| CVE-2023-3271 | SICK ICR890-4 安全漏洞 — ICR890-4CWE-284 | 8.2 | High | 2023-07-10 |
| CVE-2023-3270 | SICK ICR890-4 安全漏洞 — ICR890-4 | 8.6 | High | 2023-07-10 |
| CVE-2023-37152 | Projectworlds Online Art gallery project 代码问题漏洞 — n/a | 9.1 | - | 2023-07-10 |
| CVE-2023-37286 | SmartSoft SmartBPM.NET 信任管理问题漏洞 — SmartBPM.NETCWE-798 | 9.8 | Critical | 2023-07-10 |
| CVE-2023-37287 | SmartSoft SmartBPM.NET 信任管理问题漏洞 — SmartBPM.NETCWE-798 | 9.1 | Critical | 2023-07-10 |
| CVE-2023-37288 | SmartSoft SmartBPM.NET 路径遍历漏洞 — SmartBPM.NETCWE-23 | 6.5 | Medium | 2023-07-10 |
| CVE-2023-20180 | Cisco Webex Meetings 跨站请求伪造漏洞 — Cisco Webex MeetingsCWE-352 | 4.3 | Medium | 2023-07-07 |
| CVE-2023-37170 | TOTOLINK A3300R 操作系统命令注入漏洞 — n/a | 9.8 | - | 2023-07-07 |
| CVE-2023-20899 | VMware SD-WAN 安全漏洞 — VMware SD-WAN (Edge) | 7.5 | - | 2023-07-06 |
| CVE-2023-35940 | GLPI 访问控制错误漏洞 — glpiCWE-284 | 7.5 | High | 2023-07-05 |
| CVE-2023-34244 | GLPI 跨站脚本漏洞 — glpiCWE-79 | 6.5 | Medium | 2023-07-05 |
| CVE-2023-35979 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2023-07-05 |
| CVE-2023-35978 | Aruba Networks ArubaOS 跨站脚本漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 6.1 | Medium | 2023-07-05 |
| CVE-2023-35971 | Aruba Networks ArubaOS 跨站脚本漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 8.8 | High | 2023-07-05 |
| CVE-2023-2538 | TYAN Tempest CX S5552 安全漏洞 — s5552_bmcCWE-552 | 5.8 | Medium | 2023-07-05 |
| CVE-2023-2880 | Frauscher Sensortechnik GmbH FDS001 路径遍历漏洞 — Diagnostic System FDS101 for FAdC/FAdCiCWE-22 | 7.5 | High | 2023-07-05 |
| CVE-2023-36934 | Progress Software MOVEit Transfer SQL注入漏洞 — n/a | 9.8 | - | 2023-07-05 |
| CVE-2023-3133 | WordPress plugin Tutor LMS 安全漏洞 — Tutor LMS | 5.3 | - | 2023-07-04 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19002 条 CVE 漏洞。