Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-31361 Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated — Junos OSCWE-754 5.3 Medium2021-10-19
CVE-2021-32663 Unauthorized setup leads to SSRF in Combodo/iTop — iTopCWE-918 8.7 High2021-10-19
CVE-2021-24677 Find My Blocks < 3.4.0 - Private Post Titles Disclosure — Find My BlocksCWE-862 5.3 -2021-10-18
CVE-2021-27561 Yealink Device Management 操作系统命令注入漏洞 — n/a 9.8 -2021-10-15
CVE-2021-40724 Adobe Acrobat Reader Android Abritrary Code Execution Vulnerability — Reader MobileCWE-22 7.8 High2021-10-15
CVE-2021-39864 Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition — Magento CommerceCWE-352 6.5 Medium2021-10-15
CVE-2021-37933 Huntflow Enterprise 注入漏洞 — n/a 9.1 -2021-10-14
CVE-2020-19964 PHPMyWind 跨站请求伪造漏洞 — n/a 8.1 -2021-10-14
CVE-2021-20599 Mitsubishi Electric MELSEC iQ-R series 安全漏洞 — MELSEC iQ-R Series Safety CPU R08SFCPUCWE-319 9.1 Critical2021-10-14
CVE-2021-40842 Proofpoint Insider Threat Management Server SQL注入漏洞 — n/a 9.8 -2021-10-13
CVE-2021-20129 Draytek VigorConnect 日志信息泄露漏洞 — Draytek VigorConnect 7.5 -2021-10-13
CVE-2021-20125 Draytek VigorConnect 代码问题漏洞 — Draytek VigorConnect 9.8 -2021-10-13
CVE-2021-20124 Draytek VigorConnect 路径遍历漏洞 — Draytek VigorConnect 7.5 -2021-10-13
CVE-2021-20123 Draytek VigorConnect 路径遍历漏洞 — Draytek VigorConnect 7.5 -2021-10-13
CVE-2021-40500 SAP BusinessObjects Business Intelligence Platform和SAP BusinessObjects Business Intelligence Platform 代码问题漏洞 — SAP BusinessObjects Business Intelligence Platform (Crystal Reports)CWE-611 7.5 -2021-10-12
CVE-2021-26588 多款 HPE 产品代码问题漏洞 — HP 3PAR StoreServ 10000 Storage; HP 3PAR StoreServ 7000 Storage; HPE 3PAR StoreServ 8000 Storage; HPE Primera 600 Storage; HPE 3PAR StoreServ 20000; HPE Alletra 9000; HPE 3PAR StoreServ 9000 Storage 9.8 -2021-10-11
CVE-2021-27002 Netapp NetApp Cloud Manager 授权问题漏洞 — Cloud Manager 7.5 -2021-10-11
CVE-2021-27665 exacqVision Server 32-bit — exacqVision Web ServiceCWE-190 7.5 High2021-10-11
CVE-2021-27664 exacqVision Web Service — exacqVision Web ServiceCWE-269 9.8 Critical2021-10-11
CVE-2021-40542 Open Solutions For Education OpenSis-Classic 跨站脚本漏洞 — n/a 6.1 -2021-10-11
CVE-2021-24651 Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection — Poll MakerCWE-89 7.5 -2021-10-11
CVE-2021-24563 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting — Frontend UploaderCWE-79 5.4 -2021-10-11
CVE-2021-35060 OpenWay Group WAY4 ACS 安全漏洞 — n/a 5.3 -2021-10-11
CVE-2021-20600 Mitsubishi Electric MELSEC iQ-R series 资源管理错误漏洞 — Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V 5.9 -2021-10-08
CVE-2021-41920 webTareas SQL注入漏洞 — n/a 9.1 -2021-10-08
CVE-2021-41567 Tad Uploader - Stored XSS — UploaderCWE-79 6.1 Medium2021-10-08
CVE-2021-41563 Tad Book3 - Stored XSS — Tad Book3CWE-79 6.1 Medium2021-10-08
CVE-2021-36767 Digi RealPort 安全漏洞 — n/a 9.8 -2021-10-08
CVE-2021-42071 Ax-Solutions Visual Tools Dvr Vx16 操作系统命令注入漏洞 — n/a 9.8 -2021-10-07
CVE-2021-3832 Integria IMS Remote Code Execution — Integria IMSCWE-434 9.8 Critical2021-10-07

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.