Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21023

21023 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access — dragonflyCWE-306 9.8 -2026-01-22
CVE-2025-68609 Authentication bypass in Aries due to misconfiguration — com.palantir.aries:ariesCWE-305 6.6 Medium2026-01-22
CVE-2026-22279 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFSCWE-778 4.3 Medium2026-01-22
CVE-2023-7335 EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics — EduSohoCWE-22 7.5AIHighAI2026-01-22
CVE-2026-22278 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFSCWE-307 8.1 High2026-01-22
CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API — SmarterMailCWE-288 9.8AICriticalAI2026-01-22
CVE-2026-1327 Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection — NR1800XCWE-77 6.3 Medium2026-01-22
CVE-2025-13928 Incorrect Authorization in GitLab — GitLabCWE-863 7.5 High2026-01-22
CVE-2025-13927 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2026-01-22
CVE-2026-1102 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 5.3 Medium2026-01-22
CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection — NR1800XCWE-77 6.3 Medium2026-01-22
CVE-2026-1332 HAMASTAR Technology|MeetingHub - Missing Authentication — MeetingHubCWE-306 5.3 Medium2026-01-22
CVE-2026-1331 AMASTAR Technology|MeetingHub - Arbitrary File Upload — MeetingHubCWE-434 9.8 Critical2026-01-22
CVE-2026-1330 HAMASTAR Technology|MeetingHub - Arbitrary File Read — MeetingHubCWE-36 7.5 High2026-01-22
CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter — LA-Studio Element Kit for ElementorCWE-269 9.8 Critical2026-01-22
CVE-2026-24042 Appsmith public apps can execute unpublished actions (viewMode confusion) — appsmithCWE-862 9.4 Critical2026-01-22
CVE-2026-24036 Horilla Exposes Unpublished Job Disclosures through Unauthenticated API — horillaCWE-284 5.3 Medium2026-01-22
CVE-2026-24055 Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking — langfuseCWE-284 6.5AIMediumAI2026-01-22
CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-862 5.3 Medium2026-01-21
CVE-2026-23524 Laravel Redis Horizontal Scaling Insecure Deserialization — reverbCWE-502 9.8 Critical2026-01-21
CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability — fleetCWE-79 8.8AIHighAI2026-01-21
CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability — SQLBotCWE-306 9.8AICriticalAI2026-01-21
CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE — Custom JS PluginCWE-352 5.3 Medium2026-01-21
CVE-2021-47851 Mini Mouse 9.2.0 - Remote Code Execution — Mini MouseCWE-78 9.8 Critical2026-01-21
CVE-2021-47846 Digital Crime Report Management System 1.0 - SQL Injection — Digital Crime Report Management SystemCWE-89 8.2 High2026-01-21
CVE-2021-47802 Tenda D151 & D301 - Configuration Download — Tenda D151 & D301CWE-306 7.5 High2026-01-21
CVE-2026-0834 Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13 — Archer C20 v6.0, Archer AX53 v1.0CWE-290 8.8AIHighAI2026-01-21
CVE-2026-20045 Cisco Unified Communications Products Remote Code Execution Vulnerability — Cisco Unified Communications ManagerCWE-94 8.2 High2026-01-21
CVE-2026-20080 Cisco IEC6400 Edge Compute Appliance SSH Denial of Service Vulnerability — Cisco Ultra-Reliable Wireless BackhaulCWE-400 5.3 Medium2026-01-21
CVE-2025-15521 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover — Academy LMS – WordPress LMS Plugin for Complete eLearning SolutionCWE-639 9.8 Critical2026-01-21

Vulnerabilities classified as access:pre-auth represent 21023 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.