access:pre-auth 类型相关 19017 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2023-20081 | Cisco Adaptive Security Appliances Software 缓冲区错误漏洞 — Cisco IOSCWE-122 | 6.8 | Medium | 2023-03-23 |
| CVE-2023-20082 | Cisco IOS XE Software 安全漏洞 — Cisco IOS XE ROMMON SoftwareCWE-78 | 6.1 | Medium | 2023-03-23 |
| CVE-2023-20100 | Cisco IOS XE Software 安全漏洞 — Cisco IOS XE SoftwareCWE-694 | 6.8 | Medium | 2023-03-23 |
| CVE-2023-20107 | Cisco Adaptive Security Appliances Software 安全特征问题漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-332 | 7.5 | - | 2023-03-23 |
| CVE-2023-20112 | Cisco Access Point 缓冲区错误漏洞 — Cisco Aironet Access Point SoftwareCWE-126 | 7.4 | High | 2023-03-23 |
| CVE-2023-20113 | Cisco SD-WAN vManage Software 跨站请求伪造漏洞 — Cisco SD-WAN vManageCWE-352 | 6.5 | Medium | 2023-03-23 |
| CVE-2023-27857 | Rockwell Automation ThinManager ThinServer 缓冲区错误漏洞 — ThinManager ThinServerCWE-125 | 7.5 | High | 2023-03-22 |
| CVE-2023-28662 | WordPress Plugin Gift Cards SQL注入漏洞 — Gift Cards (Gift Vouchers and Packages) WordPress Plugin | 9.8 | - | 2023-03-22 |
| CVE-2023-28667 | WordPress Plugin Lead Generated 代码问题漏洞 — Lead Generated WordPress Plugin | 9.8 | - | 2023-03-22 |
| CVE-2023-27856 | Rockwell Automation ThinManager 路径遍历漏洞 — ThinManager ThinServerCWE-22 | 7.5 | High | 2023-03-21 |
| CVE-2023-27855 | Rockwell Automation ThinManager 路径遍历漏洞 — ThinManager ThinServerCWE-22 | 9.8 | Critical | 2023-03-21 |
| CVE-2023-28424 | Gentoo SQL注入漏洞 — sokoCWE-89 | 9.1 | Critical | 2023-03-20 |
| CVE-2023-27591 | Miniflux 安全漏洞 — v2CWE-1220 | 7.5 | High | 2023-03-17 |
| CVE-2023-1472 | WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞 — RapidLoad AI – Optimize Web Vitals AutomaticallyCWE-352 | 6.3 | Medium | 2023-03-17 |
| CVE-2023-1172 | WordPress Plugin Bookly 跨站脚本漏洞 — WordPress Online Booking and Scheduling Plugin – Bookly | 7.2 | High | 2023-03-17 |
| CVE-2021-21548 | Dell EMC Unisphere for PowerMax信任管理问题漏洞 — Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance , PowerMax OSCWE-295 | 7.4 | High | 2023-03-17 |
| CVE-2023-1256 | AVEVA Plant SCADA Access Anywhere 授权问题漏洞 — AVEVA Plant SCADA | 9.8 | Critical | 2023-03-16 |
| CVE-2023-1431 | WordPress Plugin WP Simple Shopping Cart 信息泄露漏洞 — WordPress Simple Shopping Cart | 5.3 | Medium | 2023-03-16 |
| CVE-2023-28096 | OpenSIPS 安全漏洞 — opensipsCWE-401 | 4.5 | Medium | 2023-03-15 |
| CVE-2023-28461 | Array Networks ArrayOS AG 授权问题漏洞 — n/a | 9.8 | - | 2023-03-15 |
| CVE-2023-1389 | TP-LINK Archer AX21 命令注入漏洞 — TP-Link Archer AX21 (AX1800) | 8.8 | - | 2023-03-15 |
| CVE-2023-25589 | Aruba Networks ClearPass Policy Manager 安全漏洞 — Aruba ClearPass Policy Manager | 9.8 | Critical | 2023-03-14 |
| CVE-2023-25957 | Siemens Mendix SAML Module 授权问题漏洞 — Mendix SAML (Mendix 7 compatible)CWE-303 | 9.1 | Critical | 2023-03-14 |
| CVE-2023-27498 | SAP Host Agent 安全漏洞 — Host Agent (SAPOSCOL)CWE-121 | 7.2 | High | 2023-03-14 |
| CVE-2023-27268 | SAP NetWeaver Application Server Java 访问控制错误漏洞 — NetWeaver AS Java (Object Analyzing Service)CWE-284 | 5.3 | Medium | 2023-03-14 |
| CVE-2023-23857 | SAP NetWeaver AS 授权问题漏洞 — NetWeaver AS for JavaCWE-287 | 9.9 | Critical | 2023-03-14 |
| CVE-2023-0021 | SAP NetWeaver 跨站脚本漏洞 — SAP NetWeaverCWE-79 | 6.1 | Medium | 2023-03-14 |
| CVE-2023-1327 | NETGEAR RAX30 授权问题漏洞 — Netgear RAX30 (AX2400) | 9.8 | - | 2023-03-14 |
| CVE-2023-0349 | Akuvox E11 安全漏洞 — E11 | 7.5 | High | 2023-03-13 |
| CVE-2023-0352 | Akuvox E11 授权问题漏洞 — E11 | 9.1 | Critical | 2023-03-13 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19017 条 CVE 漏洞。