access:pre-auth — CVE vulnerabilities tagged 18816

18816 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2018-25184	Surreal ToDo 0.6.1.2 Local File Inclusion via index.php — Surreal ToDoCWE-22	6.2	Medium	2026-03-06
CVE-2018-25182	Silurus Classifieds Script 2.0 SQL Injection via wcategory.php — Silurus Classifieds ScriptCWE-89	8.2	High	2026-03-06
CVE-2018-25181	Musicco 2.0.0 Arbitrary Directory Download via Path Traversal — MusiccoCWE-22	7.5	High	2026-03-06
CVE-2018-25179	Gumbo CMS 0.99 SQL Injection via settings endpoint — Gumbo CMSCWE-89	8.2	High	2026-03-06
CVE-2018-25178	Easyndexer 1.0 Arbitrary File Download via showtif.php — EasyndexerCWE-22	7.5	High	2026-03-06
CVE-2018-25177	Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php — Data Center AuditCWE-352	5.3	Medium	2026-03-06
CVE-2018-25176	Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload — Alive ParishCWE-352	8.2	High	2026-03-06
CVE-2018-25175	Alienor Web Libre 2.0 SQL Injection via index.php — Alienor Web LibreCWE-89	8.2	High	2026-03-06
CVE-2018-25174	ABC ERP 0.6.4 Cross-Site Request Forgery via _configurar_perfil.php — ABC ERPCWE-352	5.3	Medium	2026-03-06
CVE-2018-25173	Rmedia SMS 1.0 SQL Injection via editgrp.php — Rmedia SMSCWE-89	8.2	High	2026-03-06
CVE-2018-25172	Pedidos 1.0 SQL Injection via load_proveedores.php — PedidosCWE-89	8.2	High	2026-03-06
CVE-2018-25171	EdTv 2 SQL Injection via id Parameter — EdTvCWE-434	8.2	High	2026-03-06
CVE-2018-25170	DoceboLMS 1.2 SQL Injection via lesson.php — DoceboLMSCWE-352	8.2	High	2026-03-06
CVE-2018-25168	Precurio Intranet Portal 2.0 Cross-Site Request Forgery Add Admin — Precurio Intranet PortalCWE-434	4.3	Medium	2026-03-06
CVE-2018-25167	Net-Billetterie 2.9 SQL Injection via login.inc.php — BilletterieCWE-89	8.2	High	2026-03-06
CVE-2018-25166	Meneame English Pligg 5.8 SQL Injection via search Parameter — Meneame English PliggCWE-89	8.2	High	2026-03-06
CVE-2018-25164	EverSync 0.5 Arbitrary File Download via files Directory — EverSyncCWE-552	7.5	High	2026-03-06
CVE-2018-25163	BitZoom 1.0 SQL Injection via rollno Parameter — BitZoomCWE-89	8.2	High	2026-03-06
CVE-2026-3589	WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF — WooCommerce	8.8	-	2026-03-06
CVE-2026-2331	CVE-2026-2331 — SICK Lector85xCWE-552	9.8	Critical	2026-03-06
CVE-2026-2330	CVE-2026-2330 — SICK Lector85xCWE-552	9.4	Critical	2026-03-06
CVE-2026-2830	WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' — WP All Import – Drag & Drop Import for CSV, XML, Excel & Google SheetsCWE-94	6.1	Medium	2026-03-06
CVE-2026-29183	SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution — siyuanCWE-79	9.3	Critical	2026-03-06
CVE-2026-29059	Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly — windmillCWE-22	7.5	-	2026-03-06
CVE-2026-29058	AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php — AVideo-EncoderCWE-78	9.8	Critical	2026-03-06
CVE-2026-2446	Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update — PowerPack for LearnDash	9.8	-	2026-03-06
CVE-2026-28794	oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization — orpcCWE-1321	9.8	-	2026-03-06
CVE-2026-28428	Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game Actions — TalisharCWE-287	5.3	Medium	2026-03-06
CVE-2026-28508	Idno: Unauthenticated SSRF via URL Unfurl Endpoint — idnoCWE-918	6.5	-	2026-03-06
CVE-2026-27603	Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions — chartbrewCWE-306	5.3	-	2026-03-06

Vulnerabilities classified as access:pre-auth represent 18816 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 18816