Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-20696 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability — Cisco SD-WAN vManageCWE-284 7.5 High2022-09-08
CVE-2022-20863 Cisco Webex Meetings App Character Interface Manipulation Vulnerability — Cisco Webex Meetings Desktop AppCWE-450 4.3 Medium2022-09-08
CVE-2022-20923 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability — Cisco Small Business RV Series Router FirmwareCWE-303 4.0 Medium2022-09-08
CVE-2022-38400 SYNCK GRAPHICA Mailform Pro CGI 信息泄露漏洞 — Mailform Pro CGI 5.9 -2022-09-08
CVE-2022-38394 Allied Telesis CentreCOM AR260S 信任管理问题漏洞 — CentreCOM AR260S V2 9.8 -2022-09-08
CVE-2022-37146 PlexTrac 安全漏洞 — n/a 3.7 -2022-09-08
CVE-2022-37145 PlexTrac API 安全漏洞 — n/a 7.5 -2022-09-08
CVE-2022-37144 PlexTrac API 安全漏洞 — n/a 8.8 -2022-09-08
CVE-2022-1368 Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function — 3D-A1000 Dimensioning SystemCWE-306 9.8 Critical2022-09-06
CVE-2022-31789 WatchGuard Firebox 输入验证错误漏洞 — n/a 9.8 -2022-09-06
CVE-2022-31790 WatchGuard Firebox 安全漏洞 — n/a 7.5 -2022-09-06
CVE-2022-2939 WP Cerber Security <= 9.0 - User Enumeration Bypass — WP Cerber Security, Anti-spam & Malware ScanCWE-200 5.3 Medium2022-09-06
CVE-2022-2540 Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting — Link Optimizer LiteCWE-352 8.8 High2022-09-06
CVE-2022-2541 uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting — uContext for AmazonCWE-352 8.8 High2022-09-06
CVE-2022-2542 uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting — uContext for ClickbankCWE-352 8.8 High2022-09-06
CVE-2022-2633 WordPress plugin All-in-One Video Gallery 安全漏洞 — All-in-One Video Gallery 7.5 High2022-09-06
CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change — Transposh WordPress TranslationCWE-862 5.3 Medium2022-09-06
CVE-2022-2518 Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Stockists Manager for WoocommerceCWE-352 8.8 High2022-09-06
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization — String locatorCWE-502 8.8 High2022-09-06
CVE-2022-2462 Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure — Transposh WordPress TranslationCWE-200 5.3 Medium2022-09-06
CVE-2022-2432 Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update — Ecwid Ecommerce Shopping CartCWE-352 8.8 High2022-09-06
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization — Ajax Load More – Infinite Scroll, Load More, & Lazy LoadCWE-502 7.5 High2022-09-06
CVE-2022-2233 Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting — Banner CyclerCWE-352 8.8 High2022-09-06
CVE-2022-23690 Aruba AOS-CX 安全漏洞 — Aruba CX 6200F Switch Series; Aruba 6300 Switch Series; Aruba 6400 Switch Series; Aruba 8325 Switch Series; Aruba 8400 Switch Series; Aruba CX 8360 Switch Series; ArubaOS-CX Switches 5.3 -2022-09-06
CVE-2022-34867 WordPress WP Libre Form 2 plugin <= 2.0.8 - Unauthenticated Sensitive Information Disclosure vulnerability — WP Libre Form 2 (WordPress plugin)CWE-200 7.3 High2022-09-06
CVE-2022-26114 Fortinet FortiMail 跨站脚本漏洞 — Fortinet FortiMail 5.4 Medium2022-09-06
CVE-2022-27491 Fortinet FortiOS 安全漏洞 — Fortinet FortiOS 6.8 Medium2022-09-06
CVE-2022-38367 Atlassian Jira 安全漏洞 — n/a--2022-09-05
CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls — Multivendor Marketplace Solution for WooCommerce – WC MarketplaceCWE-862 4.3 -2022-09-05
CVE-2022-2565 Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting — Simple Payment Donations & Subscriptions Plugin by Paymattic – Best Payments Plugin for WPCWE-79 6.1 -2022-09-05

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.