access:pre-auth 类型相关 19065 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2021-46382 | NETGEAR WAC120 跨站脚本漏洞 — n/a | 6.1 | - | 2022-03-04 |
| CVE-2021-46378 | D-Link DIR850 ET850-1.08TRb03 安全漏洞 — n/a | 7.5 | - | 2022-03-04 |
| CVE-2020-18326 | Subrion CMS 跨站请求伪造漏洞 — n/a | 8.8 | - | 2022-03-04 |
| CVE-2022-24573 | Element-IT HTTP Commander 跨站脚本漏洞 — n/a | 6.1 | - | 2022-03-03 |
| CVE-2021-41003 | Aruba AOS-CX 跨站脚本漏洞 — Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series | 9.6 | - | 2022-03-02 |
| CVE-2021-32586 | Fortinet FortiMail 输入验证错误漏洞 — Fortinet FortiMail | 7.7 | High | 2022-03-01 |
| CVE-2021-36171 | Fortinet FortiPortal 安全特征问题漏洞 — Fortinet FortiPortal | 8.1 | High | 2022-03-01 |
| CVE-2022-22262 | Asus Rog Live Service 后置链接漏洞 — Armoury Crate & Aura Creator Installer (ROG Live Service)CWE-59 | 7.7 | High | 2022-03-01 |
| CVE-2020-12775 | Hicos Citizen Certificate Client-side Component 操作系统命令注入漏洞 — citizen certificate client-side componentCWE-78 | 9.8 | Critical | 2022-03-01 |
| CVE-2020-22845 | Mikrotik RouterOS 安全漏洞 — n/a | 7.5 | - | 2022-02-28 |
| CVE-2020-22844 | Mikrotik RouterOS 安全漏洞 — n/a | 7.5 | - | 2022-02-28 |
| CVE-2022-23988 | WordPress plugin 跨站脚本漏洞 — WS Form LITE – Drag & Drop Contact Form Builder for WordPressCWE-79 | 6.1 | - | 2022-02-28 |
| CVE-2022-0412 | WordPress SQL注入漏洞 — TI WooCommerce WishlistCWE-89 | 9.8 | - | 2022-02-28 |
| CVE-2022-0385 | WordPress 跨站脚本漏洞 — Crazy BoneCWE-79 | 6.1 | - | 2022-02-28 |
| CVE-2021-24994 | WordPress plugin跨站脚本漏洞 — Migration, Backup, Staging – WPvivid Backup and Migration PluginCWE-79 | 6.1 | - | 2022-02-28 |
| CVE-2021-24977 | WordPress 安全漏洞 — Use Any Font | Custom Font UploaderCWE-862 | 6.1 | - | 2022-02-28 |
| CVE-2021-24688 | Wordpress Plugin Orange Form 跨站请求伪造漏洞 — Orange FormCWE-284 | 4.3 | - | 2022-02-28 |
| CVE-2022-26159 | Ametys Cms 信息泄露漏洞 — n/a | 7.5 | - | 2022-02-28 |
| CVE-2022-25359 | Industrial Control Links Icl ScadaFlex II Scada Controllers 访问控制错误漏洞 — n/a | 9.1 | - | 2022-02-26 |
| CVE-2022-25095 | Home Owners Collection Management System 安全漏洞 — n/a | 9.8 | - | 2022-02-25 |
| CVE-2022-24336 | JetBrains TeamCity 授权问题漏洞 — n/a | 5.3 | - | 2022-02-25 |
| CVE-2022-25149 | WordPress SQL注入漏洞 — WP StatisticsCWE-89 | 9.8 | Critical | 2022-02-24 |
| CVE-2022-0651 | WordPress plugin WP Statistics SQL注入漏洞 — WP StatisticsCWE-89 | 9.8 | Critical | 2022-02-24 |
| CVE-2020-14502 | Rockwell Automation 1734-AENTR 跨站脚本漏洞 — 1734-AENTRCWE-79 | 6.1 | - | 2022-02-24 |
| CVE-2020-14504 | Rockwell Automation 1734-AENTR 授权问题漏洞 — 1734-AENTRCWE-284 | 7.5 | - | 2022-02-24 |
| CVE-2022-22794 | Cybonet PineApp Mail Secure SQL注入漏洞 — Pineapp Mail Relay | 6.8 | Medium | 2022-02-24 |
| CVE-2022-25355 | EC-CUBE 安全漏洞 — EC-CUBE 3 series and EC-CUBE 4 series | 5.3 | - | 2022-02-24 |
| CVE-2022-24435 | PhpUploader 跨站脚本漏洞 — phpUploader | 6.1 | - | 2022-02-24 |
| CVE-2022-23986 | PhpUploader SQL注入漏洞 — phpUploader | 7.5 | - | 2022-02-24 |
| CVE-2022-21179 | Ec-cube 跨站请求伪造漏洞 — EC-CUBE plugin 'Mail Magazine Management Plugin' | 7.1 | - | 2022-02-24 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 19065 条 CVE 漏洞。