Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-28960 ZOHO ManageEngine Desktop Central 命令注入漏洞 — n/a 9.8 -2021-09-21
CVE-2020-16630 Texas Instruments Ble Stack 安全漏洞 — n/a 6.8 -2021-09-20
CVE-2021-39402 Maian Script World Maian Affiliate 代码注入漏洞 — n/a 7.2 -2021-09-20
CVE-2021-24741 Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections — Support BoardCWE-89 9.8 -2021-09-20
CVE-2021-24657 Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting — Limit Login AttemptsCWE-79 6.1 -2021-09-20
CVE-2021-24638 OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API — OMGF | Host Google Fonts LocallyCWE-22 9.1 -2021-09-20
CVE-2021-24618 Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting — Donate With QRCodeCWE-79 5.4 -2021-09-20
CVE-2019-9060 CMS Made Simple 路径遍历漏洞 — n/a 7.5 -2021-09-17
CVE-2021-41314 NETGEAR 注入漏洞 — n/a 8.8 -2021-09-16
CVE-2021-33705 SAP Enterprise Portal 代码问题漏洞 — SAP NetWeaver Enterprise PortalCWE-918 9.3 -2021-09-15
CVE-2021-33697 SAP ERP 安全漏洞 — SAP BusinessObjects Business Intelligence Platform (SAPUI5)CWE-1022 6.1 -2021-09-15
CVE-2021-40238 Webuzo 跨站脚本漏洞 — n/a 9.3 -2021-09-15
CVE-2021-23052 F5 BIG-IP APM输入验证错误漏洞 — BIG-IP APMCWE-601 6.1 -2021-09-14
CVE-2021-38177 SAP CommonCryptoLib代码问题漏洞 — SAP CommonCryptoLib 7.5 -2021-09-14
CVE-2021-38162 SAP Web dispatcher 环境问题漏洞 — SAP Web DispatcherCWE-444 8.9 High2021-09-14
CVE-2021-37206 Siemens SIPROTEC 5输入验证错误漏洞 — SIPROTEC 5 relays with CPU variants CP050CWE-20 7.5 -2021-09-14
CVE-2021-37193 Siemens SINEMA Remote Connect Server 安全漏洞 — SINEMA Remote Connect ServerCWE-471 4.3 -2021-09-14
CVE-2021-37191 Siemens SINEMA Remote Connect Server 安全漏洞 — SINEMA Remote Connect ServerCWE-799 4.3 -2021-09-14
CVE-2021-37184 Siemens Industrial Edge Management 授权问题漏洞 — Industrial Edge ManagementCWE-639 9.1 -2021-09-14
CVE-2021-37183 Siemens SINEMA Remote Connect Server 访问控制错误漏洞 — SINEMA Remote Connect ServerCWE-284 6.5 -2021-09-14
CVE-2021-37181 多款 Siemens 产品代码问题漏洞 — Cerberus DMS V4.0CWE-502 10.0 -2021-09-14
CVE-2021-37177 Siemens SINEMA Remote Connect Server 访问控制错误漏洞 — SINEMA Remote Connect ServerCWE-471 6.5 -2021-09-14
CVE-2021-27391 Siemens APOGEE MBC 缓冲区错误漏洞 — APOGEE MBC (PPC) (P2 Ethernet)CWE-120 9.8 -2021-09-14
CVE-2021-31891 Siemens Desigo CC 操作系统命令注入漏洞 — Desigo CCCWE-78 10.0 -2021-09-14
CVE-2021-39123 Atlassian Jira 资源管理错误漏洞 — Jira Server 7.5 -2021-09-14
CVE-2021-24508 Smash Balloon Social Post Feed < 2.19.2 - Unauthenticated Stored XSS — Smash Balloon Social Post FeedCWE-79 6.1 -2021-09-13
CVE-2021-24493 Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload — ShoppCWE-434 9.8 -2021-09-13
CVE-2021-33543 UDP Technology/Geutebrück camera devices: Authentication Bypass — E2 SeriesCWE-306 9.8 Critical2021-09-13
CVE-2021-40870 Aviatrix Controller 代码问题漏洞 — n/a 9.8 -2021-09-13
CVE-2021-40867 Netgear NETGEAR 竞争条件问题漏洞 — n/a 7.8 High2021-09-13

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.