Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 20998

20998 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection — WP eCommerce 9.8AICriticalAI2026-02-11
CVE-2026-1357 Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload — WPvivid — Backup, Migration & StagingCWE-434 9.8 Critical2026-02-11
CVE-2025-65127 ZBT WE2001 安全漏洞 — n/a 9.1AICriticalAI2026-02-11
CVE-2025-65128 ZBT WE2001 安全漏洞 — n/a 6.2AIMediumAI2026-02-11
CVE-2025-69871 Medusa 安全漏洞 — n/a 3.7AILowAI2026-02-11
CVE-2026-25872 JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal — JUNG Smart Panel 5.1 KNXCWE-22 5.3 Medium2026-02-10
CVE-2026-1507 Uncaught Exception vulnerability in AVEVA PI Data Archive — PI Data Archive PI ServerCWE-248 7.5 High2026-02-10
CVE-2026-25611 Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server — MongoDB ServerCWE-405 7.5 High2026-02-10
CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack — FastGPTCWE-601 6.5AIMediumAI2026-02-10
CVE-2026-0651 Path Traversal on TP-Link Tapo D235 and C260 via Local https — Tapo C260 v1CWE-22 6.1AIMediumAI2026-02-10
CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service — coreCWE-248 7.5 High2026-02-10
CVE-2025-32008 Intel AMT和Intel Standard Manageability 缓冲区错误漏洞 — Intel(R) AMT and Intel(R) Standard Manageability 8.6 High2026-02-10
CVE-2025-20080 Intel AMT和Intel Standard Manageability 代码问题漏洞 — Intel(R) AMT and Intel(R) Standard Manageability 6.8 Medium2026-02-10
CVE-2025-68686 Fortinet FortiOS 信息泄露漏洞 — FortiOSCWE-200 5.3 Medium2026-02-10
CVE-2025-52436 Fortinet FortiSandbox 跨站脚本漏洞 — FortiSandboxCWE-79 7.9 High2026-02-10
CVE-2025-55018 Fortinet FortiOS 环境问题漏洞 — FortiOSCWE-444 5.2 Medium2026-02-10
CVE-2026-22153 Fortinet FortiOS 安全漏洞 — FortiOSCWE-305 7.5 High2026-02-10
CVE-2026-1603 Ivanti Endpoint Manager 安全漏洞 — Endpoint ManagerCWE-288 8.6 High2026-02-10
CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind — Apache DruidCWE-287 9.8AICriticalAI2026-02-10
CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form — Name DirectoryCWE-79 7.2 High2026-02-10
CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action — Ninja Forms – The Contact Form Builder That Grows With YouCWE-200 7.5 High2026-02-10
CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-862 5.3 Medium2026-02-10
CVE-2026-2098 Flowring|AgentFlow - Reflected Cross-site Scripting — AgentFlowCWE-79 6.1 Medium2026-02-10
CVE-2026-2096 Flowring|Agentflow - Missing Authenticaton — AgentflowCWE-288 9.8 Critical2026-02-10
CVE-2026-2095 Flowring|Agentflow - Authentication Bypass — AgentflowCWE-288 9.8 Critical2026-02-10
CVE-2026-2093 Flowring|Docpedia - SQL Injection — DocpediaCWE-89 7.5 High2026-02-10
CVE-2026-24328 Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) — Business Server Pages Application (TAF_APPLAUNCHER)CWE-601 6.1 Medium2026-02-10
CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System — SAP Document Management SystemCWE-601 6.1 Medium2026-02-10
CVE-2026-24321 Information Disclosure vulnerability in SAP Commerce Cloud — SAP Commerce CloudCWE-359 5.3 Medium2026-02-10
CVE-2026-0505 Multiple vulnerabilities in BSP Applications of SAP Document Management System — SAP Document Management SystemCWE-79 6.1 Medium2026-02-10

Vulnerabilities classified as access:pre-auth represent 20998 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.