access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40050 | CrowdStrike LogScale Unauthenticated Path Traversal — LogScale Self-Hosted (CWE-306) | 9.8 | Critical | 2026-04-21 |
| CVE-2026-40576 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server — excel-mcp-server (CWE-22) | 9.4 | Critical | 2026-04-21 |
| CVE-2026-24189 | NVIDIA CUDA-Q Buffer Error Vulnerability — CUDA-Q (CWE-125) | 8.2 | High | 2026-04-21 |
| CVE-2019-25714 | Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet — A8-V5 Collaborative Management Software (CWE-434) | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40567 | FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables — freescout (CWE-116) | 5.8 | Medium | 2026-04-21 |
| CVE-2026-40498 | FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron — freescout (CWE-200) | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-41039 | Information Disclosure Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470 (CWE-306) | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-6711 | Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting — Website LLMs.txt (CWE-79) | 6.1 | Medium | 2026-04-21 |
| CVE-2026-5965 | NewSoft\|NewSoftOA - OS Command Injection — NewSoftOA (CWE-78) | 9.8 | Critical | 2026-04-21 |
| CVE-2026-6675 | Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter — Responsive Blocks – Page Builder for Blocks & Patterns (CWE-20) | 5.3 | Medium | 2026-04-21 |
| CVE-2026-40496 | FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force — freescout (CWE-330) | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths — signalk-server (CWE-400) | 7.5 | High | 2026-04-21 |
| CVE-2026-34839 | Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS — glances (CWE-200) | 6.5 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-41301 | OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass — OpenClaw (CWE-347) | 5.3 | Medium | 2026-04-20 |
| CVE-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import — wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CWE-79) | 4.7 | Medium | 2026-04-20 |
| CVE-2026-33432 | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass — roxy-wi (CWE-287) | 7.5 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder (CWE-22) | 8.1 | High | 2026-04-20 |
| CVE-2026-25058 | Vexa's unauthenticated internal transcript endpoint exposed by default — vexa (CWE-306) | 7.5 | High | 2026-04-20 |
| CVE-2026-26944 | Dell PowerProtect Data Domain (Dell PowerProtect DD) Security Vulnerability — PowerProtect Data Domain (CWE-306) | 8.8 | High | 2026-04-20 |
| CVE-2026-24467 | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise — openaev (CWE-640) | 9.1 | Critical | 2026-04-20 |
| CVE-2026-39918 | Vvveb < 1.0.8.1 Code Injection via Installation Endpoint — Vvveb (CWE-94) | 9.8 | Critical | 2026-04-20 |
| CVE-2026-6369 | Exposed Session Token in canonical-livepatch client snap — canonical-livepatch (CWE-306) | 7.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-5964 | Digiwin\|EasyFlow .NET - SQL Injection — EasyFlow .NET (CWE-89) | 9.8 | Critical | 2026-04-20 |
| CVE-2026-5963 | Digiwin\|EasyFlow .NET - SQL Injection — EasyFlow .NET (CWE-89) | 9.8 | Critical | 2026-04-20 |
| CVE-2026-6604 | modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery — agentscope (CWE-918) | 7.3 | High | 2026-04-20 |
| CVE-2026-32957 | Silex SD-330AC and Silex AMC Manager Security Vulnerability — SD-330AC (CWE-306) | 5.3 | Medium | 2026-04-20 |
| CVE-2026-32962 | Silex SD-330AC and Silex AMC Manager Security Vulnerability — SD-330AC (CWE-306) | 5.3 | Medium | 2026-04-20 |
| CVE-2025-66954 | Buffalo LinkStation Security Vulnerability — n/a | 5.3 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-39111 | PHPGurukul Apartment Visitors Management System Security Vulnerability — n/a | 9.1 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-39110 | PHPGurukul Apartment Visitors Management System Security Vulnerability — n/a | 7.5 (AI) | High (AI) | 2026-04-20 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.