Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-21142 Appleple a-blog cms 授权问题漏洞 — a-blog cms 9.8 -2022-02-24
CVE-2021-26092 Fortinet FortiGate 跨站脚本漏洞 — Fortinet FortiOS, FortiProxy 4.7 Medium2022-02-24
CVE-2022-25329 Trend Micro ServerProtect信任管理问题漏洞 — Trend Micro ServerProtect for Storage 9.8 -2022-02-24
CVE-2022-25148 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2022-25402 Hms 安全漏洞 — n/a 9.1 -2022-02-23
CVE-2022-20623 Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-399 8.6 High2022-02-23
CVE-2022-20624 Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-400 8.6 High2022-02-23
CVE-2022-20625 Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-399 4.3 Medium2022-02-23
CVE-2022-25074 Tp-Link Tl-Wr902Ac 缓冲区错误漏洞 — n/a 9.8 -2022-02-22
CVE-2022-25072 Tp-Link Archer A54缓冲区错误漏洞 — n/a 9.8 -2022-02-22
CVE-2022-25073 Tp-link TL-WR841N 缓冲区错误漏洞 — n/a 9.8 -2022-02-22
CVE-2021-44567 RosarioSis SQL注入漏洞 — n/a 9.8 -2022-02-22
CVE-2021-26256 WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability — Survey Maker (WordPress plugin)CWE-79 4.7 Medium2022-02-21
CVE-2022-0234 WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting — WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currencyCWE-79 6.1 -2022-02-21
CVE-2021-25099 Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 6.1 -2022-02-21
CVE-2022-24980 Kitodo Presentation 代码问题漏洞 — n/a 7.5 -2022-02-19
CVE-2022-24979 Varnishcache信息泄露漏洞 — n/a 5.3 -2022-02-19
CVE-2022-23228 Pexip Infinity 安全漏洞 — n/a 7.5 -2022-02-18
CVE-2022-20653 Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability — Cisco Email Security Appliance (ESA)CWE-399 7.5 High2022-02-17
CVE-2022-20750 Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability — Cisco Redundancy Configuration ManagerCWE-20 5.3 Medium2022-02-17
CVE-2022-20659 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability — Cisco Prime InfrastructureCWE-79 6.1 Medium2022-02-17
CVE-2022-22899 Core FTP 缓冲区错误漏洞 — n/a 7.5 -2022-02-17
CVE-2022-24984 JqueryForm.com Jquery Form Builder 安全漏洞 — n/a 9.8 -2022-02-16
CVE-2022-24983 JqueryForm.com Jquery Form Builder 安全漏洞 — n/a 9.1 -2022-02-16
CVE-2022-23199 Adobe Illustrator NULL Pointer Dereference Application denial-of-service — IllustratorCWE-476 5.5 Medium2022-02-16
CVE-2022-23198 Adobe Illustrator NULL Pointer Dereference Application denial-of-service — IllustratorCWE-476 5.5 Medium2022-02-16
CVE-2022-23189 Adobe Illustrator NULL Pointer Dereference Application denial-of-service — IllustratorCWE-476 5.5 Medium2022-02-16
CVE-2022-0513 WP Statistics <= 13.1.4 Unauthenticated Blind SQL Injection via exclusion_reason — WP StatisticsCWE-89 9.8 Critical2022-02-16
CVE-2021-35380 Solari Di Udine TermTalk Server 路径遍历漏洞 — n/a 7.5 -2022-02-15
CVE-2022-22770 TIBCO AuditSafe API Authentication vulnerability — TIBCO AuditSafe 9.8 Critical2022-02-15

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.