access:pre-auth 类型相关 19065 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2022-29402 | TP-LINK TL-WR840N 访问控制错误漏洞 — n/a | 6.8 | Medium | 2022-05-25 |
| CVE-2022-22309 | IBM Power System 访问控制错误漏洞 — Power System S922 Server | 6.8 | - | 2022-05-24 |
| CVE-2014-125001 | Cardo Systems Scala Rider Q3 安全漏洞 — Scala Rider Q3CWE-269 | 8.1 | High | 2022-05-24 |
| CVE-2022-22306 | Fortinet FortiOS 信任管理问题漏洞 — Fortinet FortiOS | 5.4 | Medium | 2022-05-24 |
| CVE-2021-45914 | LuxSoft LuxCal Web Calendar 授权问题漏洞 — n/a | 9.8 | - | 2022-05-24 |
| CVE-2021-45915 | LuxSoft LuxCal Web Calendar 授权问题漏洞 — n/a | 9.8 | - | 2022-05-24 |
| CVE-2022-0781 | WordPress plugin Nirweb support SQL注入漏洞 — Nirweb supportCWE-89 | 9.8 | - | 2022-05-23 |
| CVE-2022-29165 | ArgoCD 安全漏洞 — argo-cdCWE-200 | 10.0 | Critical | 2022-05-20 |
| CVE-2022-21500 | Oracle E-Business Suite 信息泄露漏洞 — User Management | 7.5 | High | 2022-05-19 |
| CVE-2020-16231 | Bachmann Electronic All M-Base Controllers 加密问题漏洞 — M1 Hardware Controller MX207CWE-916 | 7.2 | High | 2022-05-19 |
| CVE-2021-37413 | GRANDCOM DynWEB SQL注入漏洞 — n/a | 9.8 | - | 2022-05-19 |
| CVE-2022-28921 | BlogEngine 跨站请求伪造漏洞 — n/a | 6.5 | - | 2022-05-18 |
| CVE-2022-22778 | TIBCO BusinessConnect Trading Community Management 跨站请求伪造漏洞 — TIBCO BusinessConnect Trading Community Management | 8.8 | High | 2022-05-18 |
| CVE-2022-22777 | TIBCO BusinessConnect Trading Community Management 跨站脚本漏洞 — TIBCO BusinessConnect Trading Community Management | 6.1 | Medium | 2022-05-18 |
| CVE-2022-25162 | Mitsubishi Electric MELSEC iQ-F series 输入验证错误漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) | 5.8 | - | 2022-05-18 |
| CVE-2022-25161 | Mitsubishi Electric MELSEC iQ-F series 输入验证错误漏洞 — Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) | 5.8 | - | 2022-05-18 |
| CVE-2021-42851 | Lenovo Personal Cloud Storage 安全漏洞 — Personal Cloud Storage A1CWE-862 | 6.3 | Medium | 2022-05-18 |
| CVE-2021-42848 | Lenovo Personal Cloud Storage 安全漏洞 — Personal Cloud Storage A1CWE-862 | 4.3 | Medium | 2022-05-18 |
| CVE-2021-3956 | Lenovo XClarity Controller 安全漏洞 — XClarity Controller (XCC)CWE-863 | 4.3 | Medium | 2022-05-18 |
| CVE-2022-28955 | D-Link DIR816 授权问题漏洞 — n/a | 7.5 | - | 2022-05-18 |
| CVE-2022-1361 | Cambium Networks cnMaestro SQL注入漏洞 — cnMaestroCWE-89 | 7.4 | High | 2022-05-17 |
| CVE-2022-1357 | Cambium Networks cnMaestro 操作系统命令注入漏洞 — cnMaestroCWE-78 | 9.8 | Critical | 2022-05-17 |
| CVE-2022-24856 | FlyteConsole 代码问题漏洞 — flyteconsoleCWE-918 | 9.1 | Critical | 2022-05-17 |
| CVE-2021-27446 | Rusavtomatika Weintek EasyWeb cMT 代码注入漏洞 — cMT-SVR-1xx/2xxCWE-94 | 10.0 | Critical | 2022-05-16 |
| CVE-2021-27444 | Rusavtomatika Weintek EasyWeb cMT 安全漏洞 — cMT-SVR-1xx/2xxCWE-284 | 9.8 | Critical | 2022-05-16 |
| CVE-2021-27442 | Rusavtomatika Weintek EasyWeb cMT 跨站脚本漏洞 — cMT-SVR-1xx/2xxCWE-79 | 9.4 | Critical | 2022-05-16 |
| CVE-2022-1560 | WordPress plugin Amministrazione Aperta 路径遍历漏洞 — Amministrazione ApertaCWE-22 | 8.1 | - | 2022-05-16 |
| CVE-2022-0867 | WordPress plugin Pricing Table SQL注入漏洞 — Pricing Table PluginCWE-89 | 9.8 | - | 2022-05-16 |
| CVE-2021-33009 | mySCADA myPRO 代码问题漏洞 — myPROCWE-434 | 7.5 | High | 2022-05-13 |
| CVE-2021-33005 | mySCADA myPRO 路径遍历漏洞 — myPROCWE-22 | 7.5 | High | 2022-05-13 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19065 条 CVE 漏洞。