Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2021-38529 Netgear NETGEAR 命令注入漏洞 — n/a 8.3 High2021-08-11
CVE-2021-38530 Netgear NETGEAR 命令注入漏洞 — n/a 9.6 Critical2021-08-11
CVE-2020-23171 Nim 安全漏洞 — n/a 5.5 -2021-08-10
CVE-2021-21564 Dell OpenManage Enterprise 授权问题漏洞 — Dell OpenManage EnterpriseCWE-200 9.8 Critical2021-08-09
CVE-2021-33256 zoho ManageEngine ADSelfService Plus 安全漏洞 — n/a 8.8 -2021-08-09
CVE-2021-37788 Gurock Software Gurock TestRail 安全漏洞 — n/a 5.4 -2021-08-09
CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection — Astra Pro AddonCWE-89 9.8 -2021-08-09
CVE-2021-24304 Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS) — NewsmagCWE-79 6.1 -2021-08-09
CVE-2021-24499 Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution — WorkreapCWE-434 9.8 -2021-08-09
CVE-2021-38167 Roxy-WI SQL注入漏洞 — n/a 9.8 -2021-08-07
CVE-2021-38159 Progress Software MOVEit Transfer SQL注入漏洞 — n/a 9.8 -2021-08-07
CVE-2021-38157 Leostream Connection Broker 跨站脚本漏洞 — n/a 6.1 -2021-08-06
CVE-2021-20598 Mitsubishi Electric MELSEC iQ-R series 授权问题漏洞 — MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU 8.2 -2021-08-06
CVE-2021-20594 Mitsubishi Electric MELSEC iQ-R series 信息泄露漏洞 — Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU 5.3 -2021-08-06
CVE-2021-20597 Mitsubishi Electric MELSEC iQ-R series 访问控制错误漏洞 — Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU 9.1 -2021-08-06
CVE-2021-38155 OpenStack 安全漏洞 — n/a 7.5 -2021-08-06
CVE-2021-20592 Mitsubishi Electric GOT2000 安全漏洞 — GOT2000 series GT27 model; GT25 model; GT23 model; GT SoftGOT2000 7.5 -2021-08-05
CVE-2021-21739 ZTE ZXCTN 数据伪造问题漏洞 — <ZXCTN 6120H>--2021-08-05
CVE-2021-23849 Cross Site Request Forgery (CSRF) vulnerability in web based management interface — CPP FirmwareCWE-352 7.5 High2021-08-05
CVE-2021-32579 Acronis True Image 授权问题漏洞 — n/a 7.8 -2021-08-05
CVE-2021-38095 Planview Spigit 安全漏洞 — n/a 5.3 -2021-08-05
CVE-2021-22124 Fortinet FortiSandbox 和 Fortinet FortiAuthenticator 资源管理错误漏洞 — Fortinet FortiSandbox, FortiAuthenticator 7.5 High2021-08-04
CVE-2021-24014 Fortinet FortiSandbox 跨站脚本漏洞 — Fortinet FortiSandbox 5.4 Medium2021-08-04
CVE-2021-1602 Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability — Cisco Small Business RV Series Router FirmwareCWE-78 8.2 High2021-08-04
CVE-2021-35397 Drogon 路径遍历漏洞 — n/a 7.5 -2021-08-04
CVE-2021-33323 Liferay Portal 和 Liferay DXP 安全漏洞 — n/a 5.3 -2021-08-03
CVE-2021-37558 Centreon SQL注入漏洞 — n/a 9.8 -2021-08-03
CVE-2021-21579 Dell EMC iDRAC9 输入验证错误漏洞 — Integrated Dell Remote Access Controller (iDRAC)CWE-601 6.1 Medium2021-08-03
CVE-2021-21578 Dell EMC iDRAC9 输入验证错误漏洞 — Integrated Dell Remote Access Controller (iDRAC)CWE-601 6.1 Medium2021-08-03
CVE-2021-24504 WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS) — WP LMS – Best WordPress LMS PluginCWE-79 6.1 -2021-08-02

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.