Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

access:pre-auth — CVE vulnerabilities tagged 18802

18802 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

CVE IDTitleCVSSSeverityPaused
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API — Accessibly – WordPress Website AccessibilityCWE-79 7.2 High2026-04-15
CVE-2026-1782 MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' — MetForm ProCWE-20 5.3 Medium2026-04-15
CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery — OPEN-BRAINCWE-352 6.1 Medium2026-04-15
CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email — Visa Acceptance SolutionsCWE-288 9.8 Critical2026-04-15
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action — Petje.afCWE-352 4.3 Medium2026-04-15
CVE-2026-5694 Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting — Quick Interest SliderCWE-79 7.2 High2026-04-15
CVE-2026-6293 Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter — Inquiry form to posts or pagesCWE-352 4.3 Medium2026-04-15
CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload — WebStackCWE-434 9.8 Critical2026-04-15
CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®)CWE-862 5.3 Medium2026-04-15
CVE-2026-2834 Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter — Age Verification & Identity Verification by Token of TrustCWE-79 7.2 High2026-04-15
CVE-2026-30994 Slah CMS 安全漏洞 — n/a 7.5 -2026-04-15
CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure — 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image GalleryCWE-862 5.3 Medium2026-04-14
CVE-2026-35033 Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection — jellyfinCWE-88 7.5 -2026-04-14
CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode — oauth2-proxyCWE-290 9.1 Critical2026-04-14
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children — docmostCWE-285 4.3 Medium2026-04-14
CVE-2025-15565 Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification — Nexi XPayCWE-862 5.3 Medium2026-04-14
CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP — WebPerfect Image SuiteCWE-73 9.8 -2026-04-14
CVE-2026-39906 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting — WebPerfect Image SuiteCWE-441 9.8 -2026-04-14
CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services — chamilo-lmsCWE-306 8.6 High2026-04-14
CVE-2026-33715 Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action — chamilo-lmsCWE-306 7.2 High2026-04-14
CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) — Central Office Services - Content Hosting Component 9.8 -2026-04-14
CVE-2026-33096 HTTP.sys Denial of Service Vulnerability — Windows 11 version 22H3CWE-125 7.5 High2026-04-14
CVE-2026-22828 Fortinet FortiManager Cloud和Fortinet FortiAnalyzer Cloud 安全漏洞 — FortiAnalyzer CloudCWE-122 7.3 High2026-04-14
CVE-2026-23708 Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 授权问题漏洞 — FortiSOAR PaaSCWE-287 6.7 High2026-04-14
CVE-2026-4832 Schneider Electric多款产品 信任管理问题漏洞 — Easergy MiCOM P14xCWE-798 7.5 -2026-04-14
CVE-2025-13822 Authentication bypass in MCPHub — MCPHubCWE-639 8.8 -2026-04-14
CVE-2026-33892 Siemens Industrial Edge Management 安全漏洞 — Industrial Edge Management Pro V1CWE-305 7.1 High2026-04-14
CVE-2026-24032 Siemens SINEC NMS 数据伪造问题漏洞 — SINEC NMSCWE-347 7.3 High2026-04-14
CVE-2025-40745 Siemens多款产品 信任管理问题漏洞 — Siemens Software CenterCWE-295 3.7 Low2026-04-14
CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution — Germanized for WooCommerceCWE-94 6.5 Medium2026-04-14

Vulnerabilities classified as access:pre-auth represent 18802 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.