access:pre-auth 类型相关 19025 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2022-38203 | Esri Portal For ArcGIS 代码问题漏洞 — Portal for ArcGISCWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-38204 | Esri Portal For ArcGIS 跨站脚本漏洞 — ArcGIS EnterpriseCWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38205 | Esri Portal for ArcGIS 路径遍历漏洞 — ArcGIS EnterpriseCWE-23 | 8.6 | High | 2022-12-30 |
| CVE-2022-38206 | Esri Portal For ArcGIS 跨站脚本漏洞 — ArcGIS EnterpriseCWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38207 | Esri Portal For ArcGIS 跨站脚本漏洞 — ArcGIS EnterpriseCWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38208 | Esri Portal For ArcGIS 输入验证错误漏洞 — ArcGIS EnterpriseCWE-601 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38209 | Esri Portal For ArcGIS 跨站脚本漏洞 — ArcGIS QuickcaptureCWE-79 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38210 | Esri Portal For ArcGIS 跨站脚本漏洞 — ArcGIS EnterpriseCWE-80 | 6.1 | Medium | 2022-12-30 |
| CVE-2022-38211 | Esri Portal For ArcGIS 代码问题漏洞 — ArcGIS EnterpriseCWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-38212 | Esri Portal For ArcGIS 代码问题漏洞 — ArcGIS EnterpriseCWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-48196 | 多款NETGEAR产品 安全漏洞 — n/a | 7.4 | High | 2022-12-30 |
| CVE-2022-36437 | Hazelcast 授权问题漏洞 — n/a | 9.1 | - | 2022-12-29 |
| CVE-2022-38202 | Esri ArcGIS Server 路径遍历漏洞 — ArcGIS ServerCWE-23 | 7.5 | High | 2022-12-28 |
| CVE-2022-45423 | Dahua software products 访问控制错误漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 7.5 | - | 2022-12-27 |
| CVE-2022-45424 | Dahua software products 访问控制错误漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45430 | Dahua software products 授权问题漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 3.7 | - | 2022-12-27 |
| CVE-2022-45431 | Dahua software products 授权问题漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 7.5 | - | 2022-12-27 |
| CVE-2022-45432 | Dahua software products 授权问题漏洞 — DSS Professional、DSS Express、DHI-DSS7016D-S2/DHI-DSS7016DR-S2、DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45433 | Dahua software products 授权问题漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 5.3 | - | 2022-12-27 |
| CVE-2022-45434 | Dahua software products 授权问题漏洞 — DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 | 7.5 | - | 2022-12-27 |
| CVE-2022-46764 | TrueConf Server SQL注入漏洞 — TrueConf ServerCWE-89 | 9.8 | Critical | 2022-12-27 |
| CVE-2022-4047 | WordPress Plugin WooCommerce 代码问题漏洞 — Return Refund and Exchange For WooCommerce | 9.8 | - | 2022-12-26 |
| CVE-2022-4117 | WordPress Plugin IWS SQL注入漏洞 — IWS | 9.8 | - | 2022-12-26 |
| CVE-2021-35951 | fastrack Reflex 安全漏洞 — n/a | 7.5 | - | 2022-12-26 |
| CVE-2021-45467 | CWP Panel 代码注入漏洞 — n/a | 9.8 | - | 2022-12-26 |
| CVE-2022-24119 | GE General Electric Renewable Energy MDS Radios 安全漏洞 — n/a | 9.8 | - | 2022-12-26 |
| CVE-2019-19030 | Cloud Native Computing Foundation Harbor 安全漏洞 — n/a | 5.3 | - | 2022-12-26 |
| CVE-2020-10650 | jackson-databind 代码问题漏洞 — n/a | 8.1 | - | 2022-12-26 |
| CVE-2020-11101 | Sierra Wireless AirLink Mobility Manager 安全漏洞 — n/a | 9.8 | - | 2022-12-26 |
| CVE-2022-44013 | Simmeth System Supplier Manager 访问控制错误漏洞 — n/a | 9.1 | - | 2022-12-25 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19025 条 CVE 漏洞。