access:pre-auth — 18802 tagged CVE vulnerabilities

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-40908 | WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version | AVideo | CWE-200 | 5.3 | Medium | 2026-04-21 |
| CVE-2026-40885 | goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access | goshs | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40884 | goshs: Empty-username SFTP password authentication bypass in goshs | goshs | CWE-306 | 9.8 | Critical | 2026-04-21 |
| CVE-2026-40887 | @vendure/core has a SQL Injection vulnerability | vendure | CWE-89 | 9.1 | Critical | 2026-04-21 |
| CVE-2026-40872 | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | mailcow-dockerized | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-41456 | Bludit CMS Reflected XSS via Search Plugin | bludit | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40613 | Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) | coturn | CWE-704 | 7.5 | High | 2026-04-21 |
| CVE-2026-40050 | CrowdStrike LogScale Unauthenticated Path Traversal | LogScale Self-Hosted | CWE-306 | 9.8 | Critical | 2026-04-21 |
| CVE-2026-40576 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server | excel-mcp-server | CWE-22 | 9.4 | Critical | 2026-04-21 |
| CVE-2026-24189 | NVIDIA CUDA-Q buffer error vulnerability | CUDA-Q | CWE-125 | 8.2 | High | 2026-04-21 |
| CVE-2019-25714 | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet | A8-V5 Collaborative Management Software | CWE-434 | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40567 | FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables | freescout | CWE-116 | 5.8 | Medium | 2026-04-21 |
| CVE-2026-40498 | FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron | freescout | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-41039 | Information Disclosure Vulnerability in Quantum Networks Router QN-I-470 | Router QN-I-470 | CWE-306 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-6711 | Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting | Website LLMs.txt | CWE-79 | 6.1 | Medium | 2026-04-21 |
| CVE-2026-5965 | NewSoft\|NewSoftOA - OS Command Injection | NewSoftOA | CWE-78 | 9.8 | Critical | 2026-04-21 |
| CVE-2026-6675 | Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter | Responsive Blocks – Page Builder for Blocks & Patterns | CWE-20 | 5.3 | Medium | 2026-04-21 |
| CVE-2026-40496 | FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force | freescout | CWE-330 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths | signalk-server | CWE-400 | 7.5 | High | 2026-04-21 |
| CVE-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | glances | CWE-200 | 6.5 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass | OpenClaw | CWE-347 | 5.3 | Medium | 2026-04-20 |
| CVE-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | CWE-79 | 4.7 | Medium | 2026-04-20 |
| CVE-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass | roxy-wi | CWE-287 | 7.5 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-25058 | Vexa's unauthenticated internal transcript endpoint exposed by default | vexa | CWE-306 | 7.5 | High | 2026-04-20 |
| CVE-2026-26944 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | PowerProtect Data Domain | CWE-306 | 8.8 | High | 2026-04-20 |
| CVE-2026-24467 | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise | openaev | CWE-640 | 9.1 | Critical | 2026-04-20 |
| CVE-2026-39918 | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint | Vvveb | CWE-94 | 9.8 | Critical | 2026-04-20 |
| CVE-2026-6369 | Exposed Session Token in canonical-livepatch client snap | canonical-livepatch | CWE-306 | 7.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-5964 | Digiwin\|EasyFlow .NET - SQL Injection | EasyFlow .NET | CWE-89 | 9.8 | Critical | 2026-04-20 |

The access:pre-auth tag covers 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.