access:pre-auth 类型相关 19015 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2023-27889 | WordPress plugin LIQUID SPEECH BALLOON 跨站请求伪造漏洞 — LIQUID SPEECH BALLOON | 8.8 | - | 2023-05-10 |
| CVE-2023-27918 | WordPress plugin Appointment and Event Booking Calendar for WordPress 跨站脚本漏洞 — Appointment and Event Booking Calendar for WordPress - Amelia | 6.1 | - | 2023-05-10 |
| CVE-2023-27919 | NEXT ENGINE Integration Plugin 授权问题漏洞 — NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) | 7.5 | - | 2023-05-10 |
| CVE-2023-30353 | Tenda CP3 命令注入漏洞 — n/a | 9.8 | - | 2023-05-10 |
| CVE-2022-36330 | Western Digital My Cloud Home 安全漏洞 — My Cloud Home and My Cloud Home DuoCWE-120 | 1.9 | Low | 2023-05-09 |
| CVE-2023-25831 | Esri Portal For ArcGIS 跨站脚本漏洞 — Portal for ArcGISCWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25830 | Esri Portal for ArcGIS 跨站脚本漏洞 — Portal for ArcGISCWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25829 | Esri Portal For ArcGIS 输入验证错误漏洞 — Portal for ArcGISCWE-601 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-29107 | Siemens SIMATIC Cloud Connect 安全漏洞 — SIMATIC Cloud Connect 7 CC712CWE-552 | 5.3 | Medium | 2023-05-09 |
| CVE-2023-29106 | Siemens SIMATIC Cloud Connect 信息泄露漏洞 — SIMATIC Cloud Connect 7 CC712CWE-200 | 5.3 | Medium | 2023-05-09 |
| CVE-2023-31406 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence PlatformCWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-30744 | SAP NetWeaver Application Server Java 访问控制错误漏洞 — SAP AS NetWeaver JAVACWE-306 | 8.2 | High | 2023-05-09 |
| CVE-2023-30741 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 — SAP BusinessObjects Business Intelligence PlatformCWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-28764 | SAP BusinessObjects Platform 安全漏洞 — SAP BusinessObjects PlatformCWE-522 | 3.7 | Low | 2023-05-09 |
| CVE-2023-2156 | Linux kernel 安全漏洞 — Linux kernel (RPL protocol)CWE-617 | 7.5 | - | 2023-05-09 |
| CVE-2023-22787 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 7.5 | High | 2023-05-08 |
| CVE-2023-22786 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22785 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22784 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22783 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22782 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22781 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22780 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-22779 | Aruba Networks InstantOS 安全漏洞 — Aruba Access Points running InstantOS and ArubaOS 10 | 9.8 | Critical | 2023-05-08 |
| CVE-2023-1650 | WordPress plugin AI ChatBot 代码问题漏洞 — AI ChatBot | 9.8 | - | 2023-05-08 |
| CVE-2023-1660 | WordPress plugin AI ChatBot 跨站脚本漏洞 — AI ChatBot | 6.1 | - | 2023-05-08 |
| CVE-2023-0421 | WordPress plugin Cloud Manager 跨站脚本漏洞 — Cloud Manager | 6.1 | - | 2023-05-08 |
| CVE-2023-23523 | Apple iOS 和 iPadOS 安全漏洞 — macOS | 4.0 | - | 2023-05-08 |
| CVE-2017-20184 | Carlo Gavazzi Powersoft 路径遍历漏洞 — PowersoftCWE-22 | 7.5 | High | 2023-05-04 |
| CVE-2023-20126 | Cisco SPA112 2-Port Phone Adapter 访问控制错误漏洞 — Cisco Small Business IP PhonesCWE-306 | 9.8 | Critical | 2023-05-04 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19015 条 CVE 漏洞。