Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-34291 Oracle HTTP Server 安全漏洞 — Oracle HTTP Server 8.7 High2026-04-21
CVE-2026-34288 Oracle Identity Manager Connector 安全漏洞 — Oracle Identity Manager Connector 5.9 Medium2026-04-21
CVE-2026-34289 Oracle Identity Manager Connector 安全漏洞 — Oracle Identity Manager Connector 5.9 Medium2026-04-21
CVE-2026-34286 Oracle Identity Manager Connector 安全漏洞 — Oracle Identity Manager Connector 9.1 Critical2026-04-21
CVE-2026-34287 Oracle Identity Manager Connector 安全漏洞 — Oracle Identity Manager Connector 9.1 Critical2026-04-21
CVE-2026-34284 Oracle Business Process Management Suite 安全漏洞 — Oracle Business Process Management Suite 6.1 Medium2026-04-21
CVE-2026-34285 Oracle Identity Manager Connector 安全漏洞 — Oracle Identity Manager Connector 9.1 Critical2026-04-21
CVE-2026-34283 Oracle Identity Manager 安全漏洞 — Oracle Identity Manager 6.1 Medium2026-04-21
CVE-2026-34282 Oracle多款产品 安全漏洞 — Oracle Java SE 7.5 High2026-04-21
CVE-2026-34275 Oracle Advanced Inbound Telephony 安全漏洞 — Oracle Advanced Inbound Telephony 9.8 Critical2026-04-21
CVE-2026-34273 Oracle GoldenGate 安全漏洞 — Oracle GoldenGate 5.3 Medium2026-04-21
CVE-2026-34274 Oracle Configurator 安全漏洞 — Oracle Configurator 6.1 Medium2026-04-21
CVE-2026-34269 Oracle PeopleSoft Enterprise PeopleTools 安全漏洞 — PeopleSoft Enterprise PeopleTools 6.1 Medium2026-04-21
CVE-2026-34268 Oracle多款产品 安全漏洞 — Oracle Java SE 2.9 Low2026-04-21
CVE-2026-22021 Oracle多款产品 安全漏洞 — Oracle Java SE 5.3 Medium2026-04-21
CVE-2026-22018 Oracle多款产品 安全漏洞 — Oracle Java SE 3.7 Low2026-04-21
CVE-2026-22016 Oracle多款产品 安全漏洞 — Oracle Java SE 7.5 High2026-04-21
CVE-2026-22013 Oracle多款产品 安全漏洞 — Oracle Java SE 5.3 Medium2026-04-21
CVE-2026-22010 Oracle Financial Services Analytical Applications Infrastructure 安全漏洞 — Oracle Financial Services Analytical Applications Infrastructure 7.5 High2026-04-21
CVE-2026-22008 Oracle Java SE 安全漏洞 — Oracle Java SE 3.7 Low2026-04-21
CVE-2026-22007 Oracle多款产品 安全漏洞 — Oracle Java SE 2.9 Low2026-04-21
CVE-2026-21999 Oracle Database Server 安全漏洞 — Oracle Database Server 5.3 Medium2026-04-21
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks — AVideoCWE-94 10.0 Critical2026-04-21
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version — AVideoCWE-200 5.3 Medium2026-04-21
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access — goshsCWE-200 9.1AICriticalAI2026-04-21
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs — goshsCWE-306 9.8 Critical2026-04-21
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability — vendureCWE-89 9.1 Critical2026-04-21
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field — mailcow-dockerizedCWE-79 6.1AIMediumAI2026-04-21
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin — bluditCWE-79 6.1AIMediumAI2026-04-21
CVE-2026-40613 Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) — coturnCWE-704 7.5 High2026-04-21

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.