Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21072

21072 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure — Ultimate Post Kit Addons for Elementor 5.3 -2025-12-31
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion — Knowband Mobile App Builder 7.5 -2025-12-31
CVE-2022-50802 ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter — ETAP Safety ManagerCWE-79 6.1 Medium2025-12-30
CVE-2024-58336 Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure — Akuvox Smart DoorphoneCWE-306 5.3 Medium2025-12-30
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change — LAN ControllerCWE-862 9.8 Critical2025-12-30
CVE-2022-50796 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi — Impact/Pulse/FirstCWE-22 9.8 Critical2025-12-30
CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username — Impact/Pulse/FirstCWE-78 9.8 Critical2025-12-30
CVE-2022-50795 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via traceroute.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability — Impact/Pulse/FirstCWE-22 7.5 High2025-12-30
CVE-2022-50789 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via dns.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50790 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure — Impact/Pulse/FirstCWE-306 7.5 High2025-12-30
CVE-2022-50791 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Conditional Command Injection via ping.php — Impact/Pulse/FirstCWE-78 7.8 High2025-12-30
CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting — Impact/Pulse/FirstCWE-79 7.2 High2025-12-30
CVE-2022-50788 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Information Disclosure via Log Directory — Impact/Pulse/FirstCWE-548 7.5 High2025-12-30
CVE-2022-50695 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands — Impact/Pulse/FirstCWE-770 7.5 High2025-12-30
CVE-2022-50691 MiniDVBLinux 5.4 Remote Root Command Execution via commands.sh — MiniDVBLinuxCWE-78 9.8 Critical2025-12-30
CVE-2025-15355 NetVision Information|ISOinsight - Reflected Cross-site Scripting — ISOinsightCWE-79 6.1 Medium2025-12-30
CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation. — coturnCWE-338 7.7 High2025-12-30
CVE-2025-15284 arrayLimit bypass in bracket notation allows DoS via memory exhaustion CWE-20 3.7 Low2025-12-29
CVE-2025-14280 PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File — PixelYourSite – Your smart PIXEL (TAG) & API ManagerCWE-200 5.3 Medium2025-12-29
CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU) — nestCWE-367 8.1 -2025-12-29
CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup — phpMyFAQCWE-202 7.5 High2025-12-29
CVE-2025-15228 WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Upload — BPMFlowWebkitCWE-434 9.8 Critical2025-12-29
CVE-2025-15227 WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Read — BPMFlowWebkitCWE-36 7.5 High2025-12-29
CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload — WMProCWE-434 9.8 Critical2025-12-29
CVE-2025-15225 Sunnet|WMPro - Arbitrary File Read — WMProCWE-23 7.5 High2025-12-29
CVE-2025-52691 Upload Arbitrary Files — SmarterMail 10.0 Critical2025-12-29
CVE-2025-15129 ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection — Lin-CMS-TP5CWE-94 6.3 Medium2025-12-28
CVE-2025-67014 DEV 7113 RF over Fiber Distribution System 安全漏洞 — n/a 9.8 -2025-12-26
CVE-2025-14913 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion — Frontend Post Submission Manager Lite – Frontend Posting WordPress PluginCWE-862 5.3 Medium2025-12-25

Vulnerabilities classified as access:pre-auth represent 21072 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.