目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%
请我们喝杯咖啡

access:pre-auth 标签下的 CVE 漏洞 20697

access:pre-auth 类型相关 20697 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE ID标题CVSS风险等级Published
CVE-2026-54341 Dragonfly RESTORE操作可能导致服务器崩溃漏洞 — dragonflyCWE-125 7.5 High2026-06-26
CVE-2026-5757 Ollama 模型量化引擎未授权远程信息泄露漏洞 — Ollama--2026-06-26
CVE-2026-57664 WordPress Bopo插件 <= 1.1.6 敏感信息泄露漏洞 — Bopo – WooCommerce Product Bundle BuilderCWE-497 4.3 Medium2026-06-26
CVE-2026-57665 WordPress GravityView插件 <=3.0.0 不安全的直接对象引用漏洞 — GravityViewCWE-639 5.3 Medium2026-06-26
CVE-2026-57660 WordPress Booking and Rental Manager <= 2.7.1 权限控制漏洞 — Booking and Rental ManagerCWE-862 5.3 Medium2026-06-26
CVE-2026-57659 WordPress Paid Memberships Pro插件<= 0.7.2跨站请求伪造漏洞 — Paid Memberships Pro - Add Member From AdminCWE-352 8.8 High2026-06-26
CVE-2026-57657 WordPress Gmail SMTP插件<=1.2.3.19 跨站请求伪造漏洞 — Gmail SMTPCWE-352 4.3 Medium2026-06-26
CVE-2026-57655 WordPress Child theme Wizard插件1.4及以下版本跨站请求伪造漏洞 — Child Theme WizardCWE-352 8.2 High2026-06-26
CVE-2026-57652 WordPress JS Help Desk <= 3.1.0 不安全的直接对象引用漏洞 — JS Help DeskCWE-639 5.3 Medium2026-06-26
CVE-2026-57641 WordPress Real Estate 7 主题 <= 3.5.9 跨站请求伪造漏洞 — Real Estate 7CWE-352 6.5 Medium2026-06-26
CVE-2026-57637 WordPress Abandoned Cart Lite 6.8.0 CSRF漏洞 — Abandoned Cart Lite for WooCommerceCWE-352 4.3 Medium2026-06-26
CVE-2026-57635 WordPress FunnelKit <= 1.14.0.3 CSRF漏洞 — FunnelKit Payment Gateway for Stripe WooCommerceCWE-352 6.5 Medium2026-06-26
CVE-2026-57633 WordPress WCBoost Products Compare <= 1.1.0 敏感信息泄露漏洞 — WCBoost &#8211; Products CompareCWE-497 5.3 Medium2026-06-26
CVE-2026-57630 WordPress Blocksy Companion Pro <= 2.1.46 越权漏洞 — Blocksy Companion ProCWE-639 5.3 Medium2026-06-26
CVE-2026-57325 WordPress NanoMag主题<=1.8 跨站脚本漏洞 — NanoMagCWE-79 7.1 High2026-06-26
CVE-2026-57324 WordPress GIFT4U <=1.0.10 插件访问控制漏洞 — GIFT4UCWE-862 6.5 Medium2026-06-26
CVE-2026-57323 WordPress Flash & HTML5 Video插件 <=2.11.0 访问控制漏洞 — Flash & HTML5 VideoCWE-862 5.8 Medium2026-06-26
CVE-2026-57322 WordPress weMail <=2.1.2 反射型跨站脚本漏洞 — weMailCWE-79 7.1 High2026-06-26
CVE-2026-57319 WordPress FOX插件<=1.4.8 跨站脚本漏洞 — FOXCWE-79 7.1 High2026-06-26
CVE-2026-57317 WordPress Simply Schedule Appointments插件<=1.6.12.2跨站脚本漏洞 — Simply Schedule AppointmentsCWE-79 7.1 High2026-06-26
CVE-2026-57314 WordPress SureCart插件<=4.3.2 反射型跨站脚本漏洞 — SureCartCWE-79 7.1 High2026-06-26
CVE-2026-57312 WordPress Everest Forms 插件 <= 3.4.8 反射型跨站脚本漏洞 — Everest FormsCWE-79 7.1 High2026-06-26
CVE-2026-56072 WordPress WoodMart主题<=8.5.3 跨站脚本漏洞 — WoodMartCWE-79 7.1 High2026-06-26
CVE-2026-56070 WordPress Advance Product Search <=1.4.4 SQL注入漏洞 — Advance Product SearchCWE-89 9.3 Critical2026-06-26
CVE-2026-56068 WordPress JetEngine插件 <=3.8.10.2 SQL注入漏洞 — JetEngineCWE-89 9.3 Critical2026-06-26
CVE-2026-56069 WordPress Toolset Forms插件<=2.6.24 越权访问漏洞 — Toolset FormsCWE-639 7.5 High2026-06-26
CVE-2026-56067 WordPress JetSmartFilters插件 ≤3.8.3 存在SQL注入漏洞 — JetSmartFiltersCWE-89 9.3 Critical2026-06-26
CVE-2026-56066 WordPress ShortPixel Adaptive Images <= 3.11.4 任意文件删除漏洞 — ShortPixel Adaptive ImagesCWE-22 5.8 Medium2026-06-26
CVE-2026-56063 WordPress MailChimp Block 插件 <=1.1.15 访问控制漏洞 — MailChimp BlockCWE-862 8.3 High2026-06-26
CVE-2026-56062 WordPress Quotes llama插件 <=3.1.5 SQL注入漏洞 — Quotes llamaCWE-89 9.3 Critical2026-06-26

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 20697 条 CVE 漏洞。