Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-36019 Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — After EffectsCWE-125 3.3 Low2021-09-02
CVE-2021-36018 Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — After EffectsCWE-125 3.3 Low2021-09-02
CVE-2021-38314 Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure — Gutenberg Template Library & Redux FrameworkCWE-200 5.3 Medium2021-09-02
CVE-2021-28564 Adobe Acrobat Reader out-of-bounds write vulnerability could lead to arbitrary code execution — Acrobat ReaderCWE-787 8.8 High2021-09-02
CVE-2021-28561 Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution — Acrobat ReaderCWE-787 8.8 High2021-09-02
CVE-2021-28559 Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation — Acrobat ReaderCWE-359 5.3 Medium2021-09-02
CVE-2021-28565 Adobe Acrobat Reader out-of-bounds read could lead to information exposure — Acrobat ReaderCWE-125 4.3 Medium2021-09-02
CVE-2021-28560 Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution — Acrobat ReaderCWE-122 8.8 High2021-09-02
CVE-2021-28557 Adobe Acrobat Reader out-of-bounds read in PDFLibTool could lead to information exposure — Acrobat ReaderCWE-125 4.3 Medium2021-09-02
CVE-2021-28553 Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution — Acrobat ReaderCWE-416 8.8 -2021-09-02
CVE-2021-28550 Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution — Acrobat ReaderCWE-416 8.8 -2021-09-02
CVE-2021-28555 Adobe Acrobat Reader out-of-bounds Read could lead to information disclosure — Acrobat ReaderCWE-125 4.3 -2021-09-02
CVE-2021-28558 Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution — Acrobat ReaderCWE-122 8.8 -2021-09-02
CVE-2021-21086 Adobe Reader CoolType Arbitrary Stack Manipulation — Acrobat ReaderCWE-787 7.8 High2021-09-02
CVE-2021-34746 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability — Cisco Enterprise NFV Infrastructure SoftwareCWE-289 9.8 Critical2021-09-02
CVE-2021-34732 Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability — Cisco Prime Collaboration ProvisioningCWE-79 6.1 Medium2021-09-02
CVE-2021-36061 Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings — ConnectCWE-657 5.4 Medium2021-09-01
CVE-2021-36044 Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service — Magento CommerceCWE-20 7.5 High2021-09-01
CVE-2021-36030 Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation — Magento CommerceCWE-20 7.5 High2021-09-01
CVE-2021-36020 Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution — Magento CommerceCWE-91 8.2 High2021-09-01
CVE-2021-37415 ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞 — n/a 9.1 -2021-09-01
CVE-2021-22002 Vmware vRealize Automation 授权问题漏洞 — VMware Workspace ONE Access, Identity Manager and vRealize Automation 9.8 -2021-08-31
CVE-2021-27668 HashiCorp Vault 访问控制错误漏洞 — n/a 5.3 -2021-08-31
CVE-2021-34581 WAGO: Denial of Service vulnerability inside the OpenSSL implementation — 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889CWE-772 7.5 High2021-08-31
CVE-2021-34578 WAGO: Authentication Vulnerability in Web-Based Management — PLCCWE-287 9.8 Critical2021-08-31
CVE-2021-33555 A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway — WHA-GW-F2D2-0-AS- Z2-ETHCWE-22 7.5 High2021-08-31
CVE-2020-13639 Outsystems OutSystems Platform 跨站脚本漏洞 — n/a 6.1 -2021-08-31
CVE-2021-39175 XSS vector in slide mode speaker-view — hedgedocCWE-74 8.1 High2021-08-30
CVE-2021-33055 ZOHO ManageEngine ADSelfService Plus 操作系统命令注入漏洞 — n/a 9.8 -2021-08-30
CVE-2021-22025 VMware vRealize Operations 授权问题漏洞 — VMware vRealize Operations 7.5 -2021-08-30

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.