access:pre-auth 类型相关 19009 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2023-35979 | Aruba Networks ArubaOS 安全漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 5.3 | Medium | 2023-07-05 |
| CVE-2023-35978 | Aruba Networks ArubaOS 跨站脚本漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 6.1 | Medium | 2023-07-05 |
| CVE-2023-35971 | Aruba Networks ArubaOS 跨站脚本漏洞 — Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central | 8.8 | High | 2023-07-05 |
| CVE-2023-2538 | TYAN Tempest CX S5552 安全漏洞 — s5552_bmcCWE-552 | 5.8 | Medium | 2023-07-05 |
| CVE-2023-2880 | Frauscher Sensortechnik GmbH FDS001 路径遍历漏洞 — Diagnostic System FDS101 for FAdC/FAdCiCWE-22 | 7.5 | High | 2023-07-05 |
| CVE-2023-36934 | Progress Software MOVEit Transfer SQL注入漏洞 — n/a | 9.8 | - | 2023-07-05 |
| CVE-2023-3133 | WordPress plugin Tutor LMS 安全漏洞 — Tutor LMS | 5.3 | - | 2023-07-04 |
| CVE-2023-36814 | Zope Products.CMFCore 安全漏洞 — Products.CMFCoreCWE-770 | 7.5 | High | 2023-07-03 |
| CVE-2021-4405 | WordPress Plugin ElasticPress 跨站请求伪造漏洞 — ElasticPressCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36749 | WordPress Plugin Easy Testimonials 跨站请求伪造漏洞 — Easy TestimonialsCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36748 | WordPress Plugin Dokan 跨站请求伪造漏洞 — Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, EtsyCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4403 | WordPress Plugin Remove Schema 跨站请求伪造漏洞 — Remove SchemaCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4404 | WordPress Plugin Event Espresso 4 Decaf 跨站请求伪造漏洞 — Event Espresso – Event Registration & Ticketing SalesCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4402 | WordPress Plugin Multiple Roles 跨站请求伪造漏洞 — Multiple RolesCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36747 | WordPress Plugin Lightweight Sidebar Manager 跨站请求伪造漏洞 — Lightweight Sidebar ManagerCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4399 | WordPress Plugin Edwiser Bridge 跨站请求伪造漏洞 — Edwiser Bridge – WordPress Moodle IntegrationCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4400 | WordPress Plugin Better Search 跨站请求伪造漏洞 — Better Search – Relevant search results for WordPressCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4401 | WordPress Plugin Style Kits 跨站请求伪造漏洞 — Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor PatternsCWE-352 | 8.8 | High | 2023-07-01 |
| CVE-2021-4397 | WordPress Plugin Staff Directory 跨站请求伪造漏洞 — Staff Directory Plugin: Company DirectoryCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4398 | WordPress Plugin Amministrazione Trasparente 跨站请求伪造漏洞 — Amministrazione TrasparenteCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4396 | WordPress Plugin Rucy 跨站请求伪造漏洞 — RucyCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36746 | WordPress Plugin Menu Swapper 跨站请求伪造漏洞 — Menu SwapperCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4395 | WordPress Plugin Abandoned Cart Recovery for WooCommerce 跨站请求伪造漏洞 — Abandoned Cart Recovery for WooCommerceCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4388 | WordPress Plugin Opal Estate 安全漏洞 — Opal EstateCWE-862 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36745 | WordPress Plugin WP Project Manager 跨站请求伪造漏洞 — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time TrackerCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36744 | WordPress Plugin NotificationX 跨站请求伪造漏洞 — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4394 | WordPress Plugin Locations 跨站请求伪造漏洞 — LocationsCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2021-4392 | WordPress Plugin eCommerce Product Catalog 跨站请求伪造漏洞 — eCommerce Product Catalog Plugin for WordPressCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36742 | WordPress Plugin Custom Field Template 跨站请求伪造漏洞 — Custom Field TemplateCWE-352 | 4.3 | Medium | 2023-07-01 |
| CVE-2020-36743 | WordPress Plugin Product Catalog Simple 跨站请求伪造漏洞 — Product Catalog SimpleCWE-352 | 4.3 | Medium | 2023-07-01 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19009 条 CVE 漏洞。