Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 20998

20998 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-26077 Discourse doesn't ensure webhooks require a token — discourseCWE-287 6.5 Medium2026-02-26
CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint — fleetCWE-862 8.2AIHighAI2026-02-26
CVE-2026-27975 Ajenti has a potential Remote Code Execution — ajentiCWE-284 9.8AICriticalAI2026-02-26
CVE-2026-1779 User Registration & Membership <= 5.1.2 - Authentication Bypass — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-288 8.1 High2026-02-26
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-284 5.3 Medium2026-02-26
CVE-2026-1557 WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src — WP Responsive ImagesCWE-22 7.5 High2026-02-26
CVE-2026-2506 EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' — EM Cost CalculatorCWE-79 6.1 Medium2026-02-26
CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments — minimatchCWE-407 7.5 High2026-02-26
CVE-2026-27804 Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter — parse-serverCWE-327 9.8AICriticalAI2026-02-25
CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS) — TinyWebCWE-400 7.5AIHighAI2026-02-25
CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris) — TinyWebCWE-400 7.5AIHighAI2026-02-25
CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam) — TinyWebCWE-78 9.8AICriticalAI2026-02-25
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node — n8nCWE-94 9.8AICriticalAI2026-02-25
CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking — storybookCWE-74 8.1AIHighAI2026-02-25
CVE-2026-0542 Remote Code Execution in ServiceNow AI Platform — ServiceNow AI PlatformCWE-653 9.8AICriticalAI2026-02-25
CVE-2025-14511 Improper Validation of Specified Quantity in Input in GitLab — GitLabCWE-1284 7.5 High2026-02-25
CVE-2026-0752 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79 8.0 High2026-02-25
CVE-2026-1388 Inefficient Regular Expression Complexity in GitLab — GitLabCWE-1333 7.5 High2026-02-25
CVE-2026-1662 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2026-02-25
CVE-2026-1725 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 5.3 Medium2026-02-25
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message — rucioCWE-204 5.3 Medium2026-02-25
CVE-2026-22719 VMware Aria Operations command injection vulnerability — VMware Aria Operations 8.1 High2026-02-25
CVE-2026-21902 Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root — Junos OS EvolvedCWE-732 9.8 Critical2026-02-25
CVE-2026-20033 Cisco NX-OS Software Denial of Service Vulnerability — Cisco NX-OS System Software in ACI ModeCWE-805 7.4 High2026-02-25
CVE-2026-20010 Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-805 7.4 High2026-02-25
CVE-2026-20051 Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-457 7.4 High2026-02-25
CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN ManagerCWE-287 10.0 Critical2026-02-25
CVE-2026-20128 Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability — Cisco Catalyst SD-WAN ManagerCWE-257 7.5 High2026-02-25
CVE-2026-20129 Cisco Catayst SD-WAN Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN ManagerCWE-287 9.8 Critical2026-02-25
CVE-2026-20133 Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 信息泄露漏洞 — Cisco Catalyst SD-WAN ManagerCWE-200 6.5 Medium2026-02-25

Vulnerabilities classified as access:pre-auth represent 20998 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.