Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 20447

20447 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2020-37255 WordPress Time Capsule Plugin 1.21.16 Authentication Bypass — Time Capsule PluginCWE-288 7.5 High2026-06-20
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12 — SP Page Builder extension for JoomlaCWE-284--2026-06-20
CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4 — SP LMS extension for JoomlaCWE-502--2026-06-20
CVE-2026-11911 Simple File List <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter — Simple File ListCWE-22 7.5 High2026-06-20
CVE-2026-11912 Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action — Simple File ListCWE-862 7.5 High2026-06-20
CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value — Database for Contact Form 7, WPforms, Elementor formsCWE-22 8.1 High2026-06-20
CVE-2026-56214 Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC — CapgoCWE-200 7.5 High2026-06-20
CVE-2026-56213 Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC — CapgoCWE-862 5.3 Medium2026-06-20
CVE-2026-11551 Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover — Branda – White Label & Branding, Free Login Page CustomizerCWE-640 9.8 Critical2026-06-19
CVE-2026-56082 Capgo - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC — capgoCWE-284 7.5 High2026-06-19
CVE-2026-48773 ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling — proxysqlCWE-787 9.8 Critical2026-06-19
CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF) — mercatorCWE-918--2026-06-19
CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation — WP Go Maps – Google Map, OpenStreetMap, Leaflet MapCWE-862 5.3 Medium2026-06-19
CVE-2023-54357 Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration — Joomla! com_booking componentCWE-203 7.5 High2026-06-19
CVE-2019-25762 Joomla! Component JoomProject 1.1.3.2 Information Disclosure — JoomProjectCWE-359 7.5 High2026-06-19
CVE-2019-25760 Joomla! Component Easy Shop 1.2.3 Local File Inclusion — Easy ShopCWE-98 6.2 Medium2026-06-19
CVE-2019-25756 Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard — vAccountCWE-89 8.2 High2026-06-19
CVE-2019-25755 Joomla vReview 1.9.11 SQL Injection via editReview — vReviewCWE-89 8.2 High2026-06-19
CVE-2019-25754 Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout — vRestaurantCWE-89 8.2 High2026-06-19
CVE-2019-25753 Joomla! Component VMap 1.9.6 SQL Injection via loadmarker — VMapCWE-89 8.2 High2026-06-19
CVE-2019-25752 Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection — J-BusinessDirectoryCWE-89 8.2 High2026-06-19
CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection — ClassifiedsManagerCWE-89 8.2 High2026-06-19
CVE-2019-25750 Joomla J-MultipleHotelReservation 6.0.7 SQL Injection — MultipleHotelReservationCWE-89 8.2 High2026-06-19
CVE-2019-25748 Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels — JHotelReservationCWE-89 8.2 High2026-06-19
CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection — jCart for OpenCartCWE-89 8.2 High2026-06-19
CVE-2017-20281 Joomla! Component Extra Search 2.2.8 SQL Injection — Extra SearchCWE-89 8.2 High2026-06-19
CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter — MyportfolioCWE-89 8.2 High2026-06-19
CVE-2017-20279 Joomla Payage 2.05 SQL Injection via aid Parameter — Joomla PayageCWE-89 8.2 High2026-06-19
CVE-2017-20278 Joomla JoomRecipe 1.0.3 SQL Injection via category parameter — JoomRecipeCWE-89 8.2 High2026-06-19
CVE-2017-20276 Joomla! Component SIMGenealogy 2.1.5 SQL Injection — SIMGenealogyCWE-89 8.2 High2026-06-19

Vulnerabilities classified as access:pre-auth represent 20447 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.