access:pre-auth — 19065 tagged CVE vulnerabilities

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-20662 | Cisco Duo for macOS Authentication Bypass Vulnerability — Cisco Duo (CWE-287) | 6.1 | Medium | 2022-09-30 |
| CVE-2022-34394 | Dell SmartFabric OS10 trust management issue vulnerability — Dell Networking OS10 (CWE-295) | 3.7 | Low | 2022-09-28 |
| CVE-2022-29089 | Dell SmartFabric OS10 information disclosure vulnerability — Dell Networking OS10 (CWE-522) | 6.4 | Medium | 2022-09-28 |
| CVE-2022-28812 | Use of Hard-coded Credentials in UWP3.0 allows SuperUser authentication bypass in Car Park Server. — UWP 3.0 Monitoring Gateway and Controller (CWE-798) | 9.8 | Critical | 2022-09-28 |
| CVE-2022-28811 | Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0 — UWP 3.0 Monitoring Gateway and Controller (CWE-78) | 9.8 | Critical | 2022-09-28 |
| CVE-2022-22524 | SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access — UWP 3.0 Monitoring Gateway and Controller (CWE-89) | 9.4 | Critical | 2022-09-28 |
| CVE-2022-22522 | Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device — UWP 3.0 Monitoring Gateway and Controller (CWE-798) | 9.8 | Critical | 2022-09-28 |
| CVE-2022-30935 | b2evolution security feature issue vulnerability — n/a | 9.1 | - | 2022-09-28 |
| CVE-2022-39054 | COWELL INFORMATION SYSTEM CO., LTD. enterprise travel management system - Reflected XSS — enterprise travel management system (CWE-79) | 6.1 | Medium | 2022-09-28 |
| CVE-2022-39053 | HEIMAVISTA INC. Rpage - Reflected XSS — Rpage (CWE-79) | 6.1 | Medium | 2022-09-28 |
| CVE-2022-39035 | Smart eVision - Stored XSS — Smart eVision (CWE-79) | 6.1 | Medium | 2022-09-28 |
| CVE-2022-39033 | Smart eVision - Path Traversal -1 — Smart eVision (CWE-22) | 9.8 | Critical | 2022-09-28 |
| CVE-2022-39030 | Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2 — Smart eVision (CWE-200) | 7.5 | High | 2022-09-28 |
| CVE-2022-28813 | SQL-injection in Car Park Server 3.0 allows for full database access. — UWP 3.0 Monitoring Gateway and Controller (CWE-89) | 7.5 | High | 2022-09-28 |
| CVE-2022-3323 | Advantech iView SQL injection vulnerability — Advantech iView | 7.5 | - | 2022-09-27 |
| CVE-2022-37346 | EC-CUBE code issue vulnerability — Product Image Bulk Upload Plugin | 9.8 | - | 2022-09-27 |
| CVE-2022-41570 | EyesOfNetwork SQL injection vulnerability — n/a | 9.8 | - | 2022-09-27 |
| CVE-2022-30004 | Online Market Place Site SQL injection vulnerability — n/a | 9.8 | - | 2022-09-26 |
| CVE-2022-3119 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass — OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) (CWE-287) | 9.1 | - | 2022-09-26 |
| CVE-2022-2987 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass — Ldap WP Login / Active Directory Integration (CWE-862) | 5.3 | - | 2022-09-26 |
| CVE-2021-24890 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload — scripts-organizer (CWE-862) | 8.8 | - | 2022-09-26 |
| CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability — MailOptin (WordPress plugin) (CWE-862) | 6.5 | Medium | 2022-09-23 |
| CVE-2022-40630 | Improper Session Management Vulnerability in Tacitine Firewall — Firewall (CWE-384) | 6.5 | Medium | 2022-09-23 |
| CVE-2022-40629 | Sensitive Information Disclosure Vulnerability in Tacitine Firewall — Firewall (CWE-200) | 7.5 | High | 2022-09-23 |
| CVE-2022-40628 | Remote Code Execution Vulnerability in Tacitine Firewall — Firewall (CWE-94) | 9.8 | Critical | 2022-09-23 |
| CVE-2022-40194 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability — Customer Reviews for WooCommerce (WordPress plugin) (CWE-200) | 5.3 | Medium | 2022-09-23 |
| CVE-2022-40193 | WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability — Awesome Filterable Portfolio (WordPress plugin) (CWE-79) | 6.1 | Medium | 2022-09-23 |
| CVE-2022-35238 | WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability — Awesome Filterable Portfolio (WordPress plugin) (CWE-264) | 6.5 | Medium | 2022-09-23 |
| CVE-2022-2266 | Reflected XSS University Library Automation System — Yordam Bilgi Teknolojileri (CWE-79) | 6.1 | Medium | 2022-09-22 |
| CVE-2022-41238 | Jenkins DotCi Plugin security vulnerability — Jenkins DotCi Plugin | 9.8 | - | 2022-09-21 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.