access:pre-auth: CVE vulnerabilities tagged (19065)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40471 | Hackage CSRF vulnerability | | CWE-352 | 9.6 | Critical | 2026-04-23 |
| CVE-2026-23751 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting | Kofax Capture | CWE-306 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-35225 | Improper timeout handling in CODESYS EtherNetIP | CODESYS EtherNetIP | CWE-754 | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41460 | SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall | SocialEngine | CWE-89 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6903 | Path Traversal Vulnerability in LabOne User Interface | LabOne | CWE-22 | 7.5 | High | 2026-04-23 |
| CVE-2026-6887 | BorG Technology Corporation\|Borg SPM 2007 - SQL Injection | Borg SPM 2007 | CWE-89 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6886 | BorG Technology Corporation\|Borg SPM 2007 - Authentication Bypass | Borg SPM 2007 | CWE-1390 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-6885 | BorG Technology Corporation\|Borg SPM 2007 - Arbitrary File Upload | Borg SPM 2007 | CWE-434 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-3960 | Remote Code Execution in h2oai/h2o-3 | h2oai/h2o-3 | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-4106 | HT Mega < 3.0.7 – Unauthenticated PII Disclosure | HT Mega Addons for Elementor | | 5.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-3844 | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | Breeze Cache | CWE-434 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass | paperclip | CWE-287 | 10.0 | Critical | 2026-04-23 |
| CVE-2026-41180 | PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart | psitransfer | CWE-22 | 7.5 | High | 2026-04-23 |
| CVE-2026-41179 | RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution | rclone | CWE-78 | 9.8 | - | 2026-04-23 |
| CVE-2026-40062 | Ziosoft Ziostation path traversal vulnerability | Ziostation2 | CWE-22 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41176 | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | rclone | CWE-306 | 9.1 | - | 2026-04-22 |
| CVE-2026-5935 | TSSC/IMC is vulnerable to OS Command Injection | Total Storage Service Console (TSSC) / TS4500 IMC | CWE-78 | 7.3 | High | 2026-04-22 |
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing | WebSphere Application Server - Liberty | CWE-269 | 7.5 | High | 2026-04-22 |
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | cms | CWE-470 | 8.1 | High | 2026-04-22 |
| CVE-2026-34413 | Xerte Online Toolkits Missing Authentication via connector.php | xerteonlinetoolkits | CWE-497 | 8.6 | High | 2026-04-22 |
| CVE-2026-34415 | Xerte Online Toolkits File Upload RCE via elfinder Connector | xerteonlinetoolkits | CWE-184 | 9.8 | Critical | 2026-04-22 |
| CVE-2026-34414 | Xerte Online Toolkits Path Traversal via connector.php | xerteonlinetoolkits | CWE-22 | 7.1 | High | 2026-04-22 |
| CVE-2026-41459 | Xerte Online Toolkits Path Disclosure via /setup | xerteonlinetoolkits | CWE-497 | 5.3 | Medium | 2026-04-22 |
| CVE-2026-26354 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | PowerProtect Data Domain | CWE-121 | 8.1 | High | 2026-04-22 |
| CVE-2026-4922 | Cross-Site Request Forgery (CSRF) in GitLab | GitLab | CWE-352 | 8.1 | High | 2026-04-22 |
| CVE-2026-5262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 8.0 | High | 2026-04-22 |
| CVE-2026-5816 | Improper Resolution of Path Equivalence in GitLab | GitLab | CWE-41 | 8.0 | High | 2026-04-22 |
| CVE-2018-25270 | ThinkPHP 5.0.23 Remote Code Execution via invokefunction | ThinkPHP | CWE-639 | 9.8 | Critical | 2026-04-22 |
| CVE-2026-5749 | Inadequate access control vulnerability in Fullstep | Fullstep | CWE-306 | 7.5 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-41651 | PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root | PackageKit | CWE-367 | 8.8 | High | 2026-04-22 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.