CVE vulnerabilities tagged access:pre-auth (19070)

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34072 | cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution — cronmaster | CWE-287 | 8.3 | High | 2026-04-01 |
| CVE-2026-20160 | Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability — Cisco Smart Software Manager On-Prem | CWE-668 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-20093 | Cisco Integrated Management Controller Authentication Bypass Vulnerability — Cisco Enterprise NFV Infrastructure Software | CWE-20 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-20085 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | CWE-79 | 6.1 | Medium | 2026-04-01 |
| CVE-2026-20041 | Cisco Nexus Dashboard Server Side Request Forgery Vulnerability — Cisco Nexus Dashboard | CWE-918 | 6.1 | Medium | 2026-04-01 |
| CVE-2026-2265 | Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization — Replicator | | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-33949 | @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files — tinacms | CWE-22 | 8.1 | High | 2026-04-01 |
| CVE-2026-34999 | OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access — OpenViking | CWE-306 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-35092 | Corosync: corosync: denial of service via integer overflow in join message validation — Red Hat Enterprise Linux 10 | CWE-190 | 7.5 | High | 2026-04-01 |
| CVE-2026-35091 | Corosync: corosync: denial of service and information disclosure via crafted udp packet — Red Hat Enterprise Linux 10 | CWE-253 | 8.2 | High | 2026-04-01 |
| CVE-2026-29014 | MetInfo CMS Unauthenticated PHP Code Injection RCE — MetInfo CMS | CWE-94 | 9.8 | Critical | 2026-04-01 |
| CVE-2026-0932 | M-Files Server security vulnerability — M-Files Server | CWE-918 | 8.2 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-4370 | Improper TLS Client/Server authentication and certificate verification on Database Cluster — Juju | CWE-295 | 10.0 | Critical | 2026-04-01 |
| CVE-2026-2696 | Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure — Export All URLs | | 7.5 (AI) | High (AI) | 2026-04-01 |
| CVE-2025-15484 | Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass — Order Notification for WooCommerce | | 9.1 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2025-67805 | Sage DPW security vulnerability — n/a | | 5.9 | Medium | 2026-04-01 |
| CVE-2026-34605 | SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) — siyuan | CWE-79 | 6.1 | - | 2026-03-31 |
| CVE-2026-34453 | SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content — siyuan | CWE-863 | 7.5 | High | 2026-03-31 |
| CVE-2026-34733 | AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard — AVideo | CWE-284 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34732 | AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints — AVideo | CWE-306 | 5.3 | Medium | 2026-03-31 |
| CVE-2026-34731 | AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php — AVideo | CWE-306 | 7.5 | High | 2026-03-31 |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess — admidio | CWE-284 | 7.5 | High | 2026-03-31 |
| CVE-2026-1579 | PX4 Autopilot Missing authentication for critical function — Autopilot | CWE-306 | 9.8 | Critical | 2026-03-31 |
| CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft — org.hl7.fhir.core | CWE-552 | 9.3 | Critical | 2026-03-31 |
| CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing — org.hl7.fhir.core | CWE-918 | 5.8 | Medium | 2026-03-31 |
| CVE-2026-34240 | jose vulnerable to untrusted JWK header key acceptance during signature verification — jose | CWE-347 | 7.5 | High | 2026-03-31 |
| CVE-2026-34227 | Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface — sliver | CWE-306 | 8.8 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34573 | Parse Server: GraphQL complexity validator exponential fragment traversal DoS — parse-server | CWE-407 | 7.5 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-34532 | Parse Server: Cloud function validator bypass via prototype chain traversal — parse-server | CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-34202 | Zebra node crash — V5 transaction hash panic (P2P reachable) — zebra | CWE-1336 | 7.5 (AI) | High (AI) | 2026-03-31 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.