Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-40661 METTLER TOLEDO IND780 路径遍历漏洞 — n/a 7.5 -2022-10-31
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi — WordPress Classifieds Plugin – Ad Directory & Listings by AWP ClassifiedsCWE-89 9.8 -2022-10-31
CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API — LearnPress – WordPress LMS PluginCWE-502 8.1 -2022-10-31
CVE-2022-3402 Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting — Log HTTP RequestsCWE-79 6.1 Medium2022-10-28
CVE-2022-2864 WordPress plugin demon image annotation 跨站请求伪造漏洞 — demon image annotation 8.8 High2022-10-28
CVE-2022-37913 Aruba Networks EdgeConnect Enterprise Orchestrator 授权问题漏洞 — Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators 9.8 -2022-10-28
CVE-2022-37914 Aruba Networks EdgeConnect Enterprise Orchestrator 授权问题漏洞 — Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators 9.8 -2022-10-28
CVE-2022-37915 Aruba Networks EdgeConnect Enterprise Orchestrator 安全漏洞 — Aruba EdgeConnect Enterprise Orchestrator (on-premises) 9.8 -2022-10-28
CVE-2022-38744 FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack — FactoryTalk Alarm and Events ServerCWE-287 7.5 High2022-10-27
CVE-2021-45476 Information disclosure in Yordam Library Information Document Automation Program — Yordam Library Information Document Automation ProgramCWE-79 4.7 Medium2022-10-27
CVE-2021-45475 Information disclosure in Yordam Library Information Document Automation Program — Yordam Library Information Document Automation ProgramCWE-200 5.3 Medium2022-10-27
CVE-2022-43364 IP-COM EW9 安全漏洞 — n/a 7.5 -2022-10-27
CVE-2022-43366 IP-COM EW9 信息泄露漏洞 — n/a 7.5 -2022-10-27
CVE-2022-40703 AliveCor KardiaMobile 授权问题漏洞 — Kardia AppCWE-302 5.2 Medium2022-10-26
CVE-2022-20933 Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability — Cisco Meraki MX FirmwareCWE-234 8.6 High2022-10-26
CVE-2022-38197 BUG-000148347 Unvalidated redirect issues in ArcGIS Server. — ArcGIS ServerCWE-601 6.1 Medium2022-10-25
CVE-2022-38198 BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server — ArcGIS ServerCWE-79 6.1 Medium2022-10-25
CVE-2022-38199 BUG-000144172 - Remote file download issue in ArcGIS Server — ArcGIS ServerCWE-494 6.1 Medium2022-10-25
CVE-2022-36452 Mitel MiCollab 代码问题漏洞 — n/a 9.8 -2022-10-25
CVE-2022-41711 Badaso 代码问题漏洞 — Badaso 9.8 -2022-10-25
CVE-2022-34439 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFSCWE-770 5.3 Medium2022-10-21
CVE-2022-26870 Dell EMC PowerStore 授权问题漏洞 — PowerStoreCWE-288 7.0 High2022-10-21
CVE-2022-27494 CROSS-SITE SCRIPTING CWE-79 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-1070 CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-1059 CROSS-SITE SCRIPTING CWE-79 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-26423 MISSING AUTHORIZATION CWE-862 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-1066 MISSING AUTHORIZATION CWE-862 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-43400 Siemens Siveillance Video Mobile Server 授权问题漏洞 — Siveillance Video Mobile Server V2022 R2CWE-1390 9.8 -2022-10-21
CVE-2022-43421 Jenkins Tuleap Git Branch Source Plugin 安全漏洞 — Jenkins Tuleap Git Branch Source Plugin 7.5 -2022-10-19
CVE-2016-20016 MV POWER CCTV DVR 安全漏洞 — n/a 9.8 -2022-10-19

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.