access:pre-auth — 19413 tagged CVE vulnerabilities

19413 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-37750 | School Management System security vulnerability | n/a | | 6.1 (AI) | Medium (AI) | 2026-04-28 |
| CVE-2026-7139 | Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-41462 | ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login | ProjeQtor | CWE-89 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-40514 | SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG | SmarterMail | CWE-338 | 5.9 | Medium | 2026-04-27 |
| CVE-2026-32688 | Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy | plug_cowboy | CWE-770 | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-41081 | Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure | Apache Storm Client | CWE-287 | 9.1 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-33453 | Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution | Apache Camel | CWE-915 | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-40022 | Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime | Apache Camel Platform HTTP Main | CWE-288 | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-3868 | Moxa EDR-8010 Series and Moxa EDR-G9010 Series security vulnerability | EDR-8010 Series | CWE-130 | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-35902 | Mercury MIPC252W security vulnerability | n/a | | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2025-69428 | Pro-Bit security vulnerability | n/a | | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-41473 | CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints | cyberpanel | CWE-306 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41472 | CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard | cyberpanel | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41477 | Deskflow: Local privilege escalation via unauthenticated IPC | deskflow | CWE-306 | 7.8 | High | 2026-04-24 |
| CVE-2026-41503 | BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser | bacnet-stack | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41502 | BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder | bacnet-stack | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41475 | BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser | bacnet-stack | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints | budibase | CWE-287 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41426 | pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates | pretalx | CWE-79 | 6.1 | Medium | 2026-04-24 |
| CVE-2026-41492 | Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph | dgraph | CWE-200 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | dgraph | CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | dgraph | CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41680 | Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer | marked | CWE-400 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-6911 | Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel | AWS Ops Wheel | CWE-347 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-39920 | BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE | FileStore | CWE-1188 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-6043 | Insecure Default Configuration in P4 Server | Helix Core Server (P4D) | CWE-1188 | 9.8 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint | Liaison Site Prober | CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-3565 | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | Taqnix | CWE-352 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | Drag and Drop File Upload for Contact Form 7 | CWE-434 | 8.1 | High | 2026-04-24 |

Vulnerabilities classified as access:pre-auth represent 19413 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.