目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 20998

access:pre-auth 类型相关 20998 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2026-0753 Super Simple Contact Form <= 1.6.2 - Reflected Cross-Site Scripting via 'sscf_name' Parameter — Super Simple Contact FormCWE-79 7.2 High2026-02-14
CVE-2026-1306 midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action — midi-SynthCWE-434 9.8 Critical2026-02-14
CVE-2026-1394 WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery to Settings Update — WP Quick Contact UsCWE-352 4.3 Medium2026-02-14
CVE-2026-1944 CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update — CallbackKiller service widgetCWE-862 5.3 Medium2026-02-14
CVE-2025-14852 MDirector Newsletter <= 4.5.8 - Cross-Site Request Forgery to Plugin Settings Update — MDirector Newsletter WordPress PluginCWE-352 4.3 Medium2026-02-14
CVE-2026-2024 PhotoStack Gallery <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter — PhotoStack GalleryCWE-89 7.5 High2026-02-14
CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting — Address Bar AdsCWE-79 6.1 Medium2026-02-14
CVE-2026-1792 Geo Widet <= 1.0 - Reflected Cross-Site Scripting — Geo WidgetCWE-79 6.1 Medium2026-02-14
CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 4.3 Medium2026-02-14
CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception — One to one user Chat by WPGuppyCWE-306 5.3 Medium2026-02-14
CVE-2026-1796 StyleBidet <= 1.0.0 - Reflected Cross-Site Scripting — StyleBidetCWE-79 6.1 Medium2026-02-14
CVE-2026-1932 Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification — Appointment Booking Calendar Plugin – BookrCWE-862 5.3 Medium2026-02-14
CVE-2026-0692 BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation — BlueSnap Payment Gateway for WooCommerceCWE-862 7.5 High2026-02-14
CVE-2026-1983 SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion — SEATT: Simple Event AttendanceCWE-352 4.3 Medium2026-02-14
CVE-2026-1754 personal-authors-category <= 0.3 - Reflected Cross-Site Scripting — personal-authors-categoryCWE-79 6.1 Medium2026-02-14
CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage — Magic Login Mail or QR CodeCWE-269 8.1 High2026-02-14
CVE-2025-13973 StickEasy Protected Contact Form <= 1.0.1 - Unauthenticated Information Disclosure — StickEasy Protected Contact FormCWE-200 5.3 Medium2026-02-14
CVE-2026-26273 Known affected by Account Takeover via Password Reset Token Leakage — knownCWE-200 9.8AICriticalAI2026-02-13
CVE-2026-1841 PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting — PixelYourSite – Your smart PIXEL (TAG) & API ManagerCWE-79 7.2 High2026-02-13
CVE-2026-1844 PixelYourSite PRO <= 12.4.0.2 - Unauthenticated Stored Cross-Site Scripting — PixelYourSite Pro – Your smart PIXEL (TAG) ManagerCWE-79 7.2 High2026-02-13
CVE-2026-26333 Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE — VeraSMARTCWE-306 9.1AICriticalAI2026-02-13
CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise — milvusCWE-306 9.8 Critical2026-02-13
CVE-2026-26221 Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE — OnBase Workflow Timer ServiceCWE-502 9.8 Critical2026-02-13
CVE-2025-69633 PrestaShop 安全漏洞 — n/a 9.8AICriticalAI2026-02-13
CVE-2019-25333 Bullwark Momentum Series JAWS 1.0 - 'Momentum Series JAWS' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') — Momentum Series JAWSCWE-22 7.5 High2026-02-12
CVE-2019-25325 Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') — Smart HomeCWE-89 8.2 High2026-02-12
CVE-2026-1358 Airleader Master Unrestricted Upload of File with Dangerous Type — Airleader MasterCWE-434 9.8 Critical2026-02-12
CVE-2026-26011 Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution — navigation2CWE-787 8.8AIHighAI2026-02-12
CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres — traefikCWE-400 7.5 High2026-02-12
CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover — newbee-mallCWE-798 9.8 Critical2026-02-12

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 20998 条 CVE 漏洞。