access:pre-auth — CVE vulnerabilities tagged (20042)

20042 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2019-25662 | ResourceSpace 8.6 SQL Injection via watched_searches.php | ResourceSpace | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2026-5526 | Tenda 4G03 Pro httpd access control | 4G03 Pro | CWE-284 | 7.3 | High | 2026-04-04 |
| CVE-2018-25246 | Wikipedia 12.0 Denial of Service via Search | Wikipedia | CWE-306 | 7.5 | High | 2026-04-04 |
| CVE-2018-25244 | Eco Search 1.0.2.0 Denial of Service | Eco Search | CWE-1312 | 6.2 | Medium | 2026-04-04 |
| CVE-2018-25241 | VPN Browser+ 1.1.0.0 Denial of Service | VPN Browser+ | CWE-306 | 7.5 | High | 2026-04-04 |
| CVE-2016-20053 | Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint | Redaxo CMS | CWE-352 | 5.3 | Medium | 2026-04-04 |
| CVE-2016-20051 | Snews CMS 1.7 Cross-Site Request Forgery via changeup | Snews CMS Cross Site Request Forgery | CWE-352 | 5.3 | Medium | 2026-04-04 |
| CVE-2016-20052 | Snews CMS 1.7 Unrestricted File Upload via snews_files | Snews CMS upload sheller | CWE-434 | 9.8 | Critical | 2026-04-04 |
| CVE-2026-2936 | Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting | Visitor Traffic Real Time Statistics | CWE-79 | 7.2 | High | 2026-04-04 |
| CVE-2026-1233 | Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access | Text to Speech – TTSWP | CWE-798 | 7.5 | High | 2026-04-04 |
| CVE-2025-14938 | Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload | Listeo-Core - Directory Plugin by Purethemes | CWE-434 | 5.3 | Medium | 2026-04-04 |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | CWE-94 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-5425 | Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data | Widgets for Social Photo Feed | CWE-79 | 7.2 | High | 2026-04-04 |
| CVE-2026-3571 | Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification | Pie Register – User Registration, Profiles & Content Restriction | CWE-862 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-35616 | Fortinet FortiClientEms security vulnerability | FortiClientEMS | CWE-284 | 9.1 | Critical | 2026-04-04 |
| CVE-2017-20235 | ProSoft Technology ICX35-HWC Authentication Bypass | ICX35-HWC Cellular Gateway | CWE-287 | 9.1 | Critical | 2026-04-03 |
| CVE-2017-20234 | GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String | GarrettCom Magnum 6K and 10K Managed Switches | CWE-798 | 9.8 | Critical | 2026-04-03 |
| CVE-2018-25236 | Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management | Hirschmann HiOS | CWE-287 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34824 | Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service | mesop | CWE-125 | 7.5 | High | 2026-04-03 |
| CVE-2015-10148 | Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys | Hirschmann HiLCOS | CWE-321 | 8.2 | High | 2026-04-03 |
| CVE-2026-27833 | Piwigo: Unauthenticated Information Disclosure via pwg.history.search API | Piwigo | CWE-862 | 7.5 | High | 2026-04-03 |
| CVE-2026-27634 | Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter | Piwigo | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-27481 | Discourse: Hidden tag visibility bypass on tag routes | discourse | CWE-200 | 5.3 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2026-34980 | OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network | cups | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-04-03 |
| CVE-2017-20237 | Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution | Hirschmann Industrial HiVision | CWE-287 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-28798 | Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS | ZimaOS | CWE-918 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-0545 | Missing Authentication for Critical Function in mlflow/mlflow | mlflow/mlflow | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-04-03 |
| CVE-2026-35216 | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | budibase | CWE-78 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-25043 | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding | budibase | CWE-770 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-31402 | nfsd: fix heap overflow in NFSv4.0 LOCK replay cache | Linux | | 9.8 | Critical | 2026-04-03 |

The access:pre-auth tag covers 20042 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.