access:pre-auth 标签下的 CVE 漏洞 19065

access:pre-auth 类型相关 19065 条 CVE 漏洞，含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞，涵盖18971个CVE。此类漏洞之所以关键，是因为攻击者无需凭证即可直接利用，极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击，常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块，对系统安全性构成直接且严重的威胁。

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2022-2265	Path traversal in Identity and Directory Management System — Çekino Bilgi TeknolojileriCWE-35	7.5	High	2022-09-21
CVE-2022-0495	SQL Injection in KOHA — Parantez TeknolojiCWE-89	9.4	Critical	2022-09-21
CVE-2022-2315	SQL Injection in Database Accreditation System — Database SoftwareCWE-89	9.4	Critical	2022-09-21
CVE-2022-23685	Aruba Networks ClearPass Policy Manager 跨站请求伪造漏洞 — Aruba ClearPass Policy Manager	8.8	-	2022-09-20
CVE-2022-37884	Aruba Networks ClearPass Policy Manager 安全漏洞 — Aruba ClearPass Policy Manager	7.5	-	2022-09-20
CVE-2020-36602	多款Huawei产品缓冲区错误漏洞 — 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD	6.1	-	2022-09-20
CVE-2021-33076	Intel(R) SSD DC 授权问题漏洞 — Intel(R) SSD DC	5.3	Medium	2022-09-20
CVE-2022-2177	SQL Injection in Kayrasoft — KayrasoftCWE-89	9.4	Critical	2022-09-20
CVE-2022-3079	Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function — Control block CPX-CEC-C1 (no. 567347)CWE-269	7.5	High	2022-09-20
CVE-2022-34917	Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers — Apache KafkaCWE-789	7.5	-	2022-09-20
CVE-2022-34746	Zyxel GS1900 安全特征问题特征问题漏洞 — Zyxel GS1900 series firmwareCWE-331	5.9	Medium	2022-09-20
CVE-2022-0143	LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password — LDAP ConnectorCWE-284	9.3	Critical	2022-09-19
CVE-2022-2754	Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi — Ketchup Restaurant ReservationsCWE-89	9.8	-	2022-09-19
CVE-2022-2753	Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS — Ketchup Restaurant ReservationsCWE-79	6.1	-	2022-09-19
CVE-2022-2840	Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi — Zephyr Project ManagerCWE-89	9.8	-	2022-09-19
CVE-2022-39960	Atlassian Jira 安全漏洞 — n/a	5.3	-	2022-09-17
CVE-2022-3217	VISAM VBASE 安全漏洞 — VISAM VBASE	7.5	-	2022-09-16
CVE-2022-22520	User enumeration vulnerability in MB connect line and Helmholz products — mymbCONNECT24CWE-204	5.3	Medium	2022-09-14
CVE-2022-40626	Reflected XSS in the backurl parameter of Zabbix Frontend — FrontendCWE-79	4.8	Medium	2022-09-14
CVE-2022-39815	NOKIA 1350 OMS 操作系统命令注入漏洞 — n/a	9.8	-	2022-09-13
CVE-2022-40623	WAVLINK Quantum D4G (WN531G3) CSRF — WN531G3CWE-352	8.8	-	2022-09-13
CVE-2022-39208	Git Repository Disclosure in Onedev — onedevCWE-552	7.5	High	2022-09-13
CVE-2022-39205	Access Control Bypass in Onedev — onedevCWE-287	9.0	Critical	2022-09-13
CVE-2022-36779	PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection — PROSCEND M330-w / M330-W5	6.5	Medium	2022-09-13
CVE-2022-38329	Shopxian CMS 跨站请求伪造漏洞 — n/a	6.5	-	2022-09-13
CVE-2022-38972	Six Apart Movable Type 跨站脚本漏洞 — A-Form	6.1	-	2022-09-12
CVE-2022-28742	aEnrich eHRD Learning Management Key Performance Indicator System 安全漏洞 — n/a	9.1	-	2022-09-09
CVE-2022-36876	SAMSUNG Mobile devices 安全漏洞 — Samsung PassCWE-285	1.8	Low	2022-09-09
CVE-2022-36793	WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities — WP Shop (WordPress plugin)CWE-264	6.5	Medium	2022-09-09
CVE-2022-38067	WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability — Event Calendar – Calendar (WordPress plugin)CWE-264	6.5	Medium	2022-09-09

access:pre-auth 是常见的弱点类别，本平台收录该类弱点关联的 19065 条 CVE 漏洞。

目標達成 すべての支援者に感謝 — 100%達成しました！

access:pre-auth 标签下的 CVE 漏洞 19065

目標達成すべての支援者に感謝 — 100%達成しました！