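CVE vulnerabilities under the access:pre-auth tag: 20952

20952 CVE vulnerabilities related to the access:pre-auth type, with AI-generated Chinese analysis, CVSS, reference links and POC.

The "access:pre-auth" tag marks vulnerabilities that can be triggered without authentication, covering 18971 CVEs. These vulnerabilities are critical because an attacker can exploit them directly without credentials, which greatly lowers the barrier to attack and widens the potential victim surface. Typical scenarios include remote code execution, unauthorized data access and denial-of-service attacks, commonly found in misconfigured API endpoints, services with default credentials, or pre-authentication processing modules with logic flaws, posing a direct and serious threat to system security.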

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32944 | Parse Server crash via deeply nested query condition operators | parse-server | CWE-674 | 7.5 | - | 2026-03-18 |
| CVE-2026-25873 | OmniGen2-RL Reward Server Unsafe Deserialization RCE | OmniGen2-RL | CWE-502 | 9.8 | Critical | 2026-03-18 |
| CVE-2026-32633 | Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` | glances | CWE-200 | 9.1 | Critical | 2026-03-18 |
| CVE-2026-2991 | KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token | KiviCare – Clinic & Patient Management System (EHR) | CWE-287 | 7.3 | High | 2026-03-18 |
| CVE-2026-2992 | KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard | KiviCare – Clinic & Patient Management System (EHR) | CWE-862 | 8.2 | High | 2026-03-18 |
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | CWE-79 | 7.2 | High | 2026-03-18 |
| CVE-2026-32609 | Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials | glances | CWE-200 | 7.5 | High | 2026-03-18 |
| CVE-2026-22323 | Cross‑Site Request Forgery in Link Aggregation Configuration | FL SWITCH 2005 | CWE-352 | 7.1 | High | 2026-03-18 |
| CVE-2026-22322 | Stored Cross‑Site Scripting in Link Aggregation Name Handling | FL SWITCH 2005 | CWE-79 | 7.1 | High | 2026-03-18 |
| CVE-2026-22321 | Stack-Based Buffer Overflow in CLI Login Username Handling over CLI | FL SWITCH 2005 | CWE-121 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-32596 | Glances exposes the REST API without authentication | glances | CWE-200 | 9.1 | - | 2026-03-18 |
| CVE-2026-32268 | Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability | azure-blob | CWE-862 | 4.3 | - | 2026-03-18 |
| CVE-2026-32266 | Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability | google-cloud | CWE-200 | 5.3 | - | 2026-03-18 |
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation | Subscriptions for WooCommerce | CWE-862 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-1780 | [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting | [CR]Paid Link Manager | CWE-79 | 6.1 | Medium | 2026-03-18 |
| CVE-2026-32265 | Amazon S3 for Craft CMS has an Information Disclosure vulnerability | aws-s3 | CWE-200 | 4.3 | - | 2026-03-18 |
| CVE-2026-2575 | Keycloak: keycloak: denial of service due to excessive samlrequest decompression | Red Hat build of Keycloak 26.4 | CWE-409 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-4356 | itsourcecode University Management System add_result.php cross site scripting | University Management System | CWE-79 | 2.4 | Low | 2026-03-18 |
| CVE-2025-55043 | Mura security vulnerability | n/a | | 6.5 | - | 2026-03-18 |
| CVE-2026-21994 | Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit security vulnerability | Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit | | 9.8 | Critical | 2026-03-17 |
| CVE-2026-1264 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls | Sterling B2B Integrator | CWE-306 | 7.1 | High | 2026-03-17 |
| CVE-2025-14031 | IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service | Sterling B2B Integrator | CWE-77 | 7.5 | High | 2026-03-17 |
| CVE-2026-32841 | Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients | Edimax GS-5008PL | CWE-1108 | 8.1 | High | 2026-03-17 |
| CVE-2026-4295 | Arbitrary code execution via crafted project files in Kiro IDE | Kiro IDE | CWE-829 | 7.8 | High | 2026-03-17 |
| CVE-2026-25771 | Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware | wazuh | CWE-400 | 5.3 | Medium | 2026-03-17 |
| CVE-2026-32297 | Angeet ES3 KVM unauthenticated arbitrary file write | ES3 KVM | CWE-306 | 7.5 | High | 2026-03-17 |
| CVE-2026-32296 | Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint | NanoKVM | CWE-306 | 8.2 | High | 2026-03-17 |
| CVE-2026-4318 | UTT HiPER 810G formApLbConfig strcpy buffer overflow | HiPER 810G | CWE-120 | 8.8 | High | 2026-03-17 |
| CVE-2026-4312 | DrangSoft\|GCB/FCB Audit Software - Missing Authentication | GCB/FCB Audit Software | CWE-306 | 9.8 | Critical | 2026-03-17 |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure | Royal Addons for Elementor – Addons and Templates Kit for Elementor | CWE-862 | 5.3 | Medium | 2026-03-17 |

access:pre-auth is a common weakness category; this platform lists 20952 CVE vulnerabilities associated with this weakness category.