access:pre-auth — CVE vulnerabilities tagged (19065)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41929 | Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor | Vvveb | CWE-79 | 6.1 | Medium | 2026-05-07 |
| CVE-2026-7891 | Siemens Mendix Studio Pro security vulnerability | VerySecureApp | CWE-277 | 6.5 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-42047 | Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods | inngest-js | CWE-200 | 8.6 | High | 2026-05-07 |
| CVE-2026-41902 | FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks | freescout | CWE-613 | 9.1 | Critical | 2026-05-07 |
| CVE-2026-7415 | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | Firmware | CWE-306 | 9.8 | Critical | 2026-05-07 |
| CVE-2026-7413 | Persistent undocumented backdoor access in Yarbo robot | Firmware | CWE-912 | 7.2 | High | 2026-05-07 |
| CVE-2026-5787 | Ivanti EPMM trust management issue vulnerability | Endpoint Manager Mobile | CWE-295 | 8.9 | High | 2026-05-07 |
| CVE-2026-5788 | Ivanti EPMM access control error vulnerability | Endpoint Manager Mobile | CWE-284 | 7.0 | High | 2026-05-07 |
| CVE-2026-7821 | Ivanti EPMM trust management issue vulnerability | Endpoint Manager Mobile | CWE-295 | 7.4 | High | 2026-05-07 |
| CVE-2026-32686 | Unbounded exponent in decimal enables unauthenticated DoS | decimal | CWE-400 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-42285 | GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) | gobgp | CWE-476 | 7.5 | High | 2026-05-07 |
| CVE-2026-41642 | GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute | gobgp | CWE-476 | 7.5 | High | 2026-05-07 |
| CVE-2026-4348 | BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter | BetterDocs Pro | CWE-89 | 7.5 | High | 2026-05-07 |
| CVE-2026-41413 | Istio Vulnerable to SSRF via RequestAuthentication jwksUri | istio | CWE-918 | 5.0 | Medium | 2026-05-07 |
| CVE-2026-41661 | Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion | admidio | CWE-79 | 6.1 | Medium | 2026-05-07 |
| CVE-2026-4807 | Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | CWE-862 | 6.5 | Medium | 2026-05-07 |
| CVE-2026-30495 | Optoma CinemaX P2 security vulnerability | n/a | | 8.8 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-30496 | Optoma CinemaX P2 security vulnerability | n/a | | 9.8 (AI) | Critical (AI) | 2026-05-07 |
| CVE-2026-40281 | Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values | gotenberg | CWE-88 | 10.0 | Critical | 2026-05-06 |
| CVE-2026-40326 | Masa CMS CSRF in site bundle creation allows unauthorized site data export | MasaCMS | CWE-352 | 8.1 (AI) | High (AI) | 2026-05-06 |
| CVE-2026-44109 | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | OpenClaw | CWE-1188 | 9.8 | Critical | 2026-05-06 |
| CVE-2026-0300 | PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal | Cloud NGFW | CWE-787 | 9.8 (AI) | Critical (AI) | 2026-05-06 |
| CVE-2026-41938 | Vvveb < 1.0.8.2 RCE via Media Upload Handler | Vvveb | CWE-434 | 8.8 | High | 2026-05-06 |
| CVE-2026-41930 | Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin | Vvveb | CWE-306 | 9.8 | Critical | 2026-05-06 |
| CVE-2026-41931 | Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler | Vvveb | CWE-1188 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-41934 | Vvveb < 1.0.8.2 Authenticated RCE via Code Editor | Vvveb | CWE-184 | 8.8 | High | 2026-05-06 |
| CVE-2026-20035 | Cisco Unity Connection Server-Side Request Forgery Vulnerability | Cisco Unity Connection | CWE-918 | 7.2 | High | 2026-05-06 |
| CVE-2026-20188 | Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability | Cisco Crosswork Network Change Automation | CWE-400 | 7.5 | High | 2026-05-06 |
| CVE-2026-20195 | Cisco Identity Services Engine Observable Response Discrepancy Vulnerability | Cisco Identity Services Engine Software | CWE-204 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-41286 | Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B | WatchGuard Agent | CWE-121 | 6.5 (AI) | Medium (AI) | 2026-05-06 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.