Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21158

21158 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-14534 UTT 进取 512W Endpoint formNatStaticMap strcpy buffer overflow — 进取 512WCWE-120 9.8 Critical2025-12-11
CVE-2025-12029 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLabCWE-79 8.0 High2025-12-11
CVE-2025-12562 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2025-12-11
CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation — WP CarDealerCWE-269 9.8 Critical2025-12-11
CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery — RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds AggregatorCWE-918 5.8 Medium2025-12-11
CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path — formioCWE-178 7.5AIHighAI2025-12-11
CVE-2020-36902 UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges — UBICOD Medivision Digital SignageCWE-862 9.8AICriticalAI2025-12-10
CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure — QiHang Media Web Digital SignageCWE-530 7.5AIHighAI2025-12-10
CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion — QiHang Media Web Digital SignageCWE-22 9.1AICriticalAI2025-12-10
CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution — QiHang Media Web Digital SignageCWE-434 9.8AICriticalAI2025-12-10
CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure — QiHang Media Web Digital SignageCWE-522 8.4AIHighAI2025-12-10
CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure — i-Media Server Digital SignageCWE-639 9.8AICriticalAI2025-12-10
CVE-2020-36894 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability — i-Media Server Digital SignageCWE-306 9.8AICriticalAI2025-12-10
CVE-2020-36893 Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability — i-Media Server Digital SignageCWE-22 7.5AIHighAI2025-12-10
CVE-2020-36892 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation — i-Media Server Digital SignageCWE-306 9.8AICriticalAI2025-12-10
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure — Fusion Digital SignageCWE-312 7.5AIHighAI2025-12-10
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF — BrightSign Digital Signage Diagnostic Web ServerCWE-918 5.3AIMediumAI2025-12-10
CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. — Pega InfinityCWE-204 5.3 Medium2025-12-10
CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure — Zoom RoomsCWE-693 7.8 High2025-12-10
CVE-2025-67635 Jenkins 安全漏洞 — Jenkins 7.5AIHighAI2025-12-10
CVE-2025-34395 Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE — RMMCWE-22 9.1AICriticalAI2025-12-10
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server — LIVE PRO 2 TWSCWE-306 8.8 High2025-12-10
CVE-2025-13184 Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password — X5000R's (AX1800 router) 9.8AICriticalAI2025-12-10
CVE-2025-41732 Stack-based buffer overflow via unsafe sscanf in check_cookie() — Indsutrial-Managed-SwitchesCWE-121 9.8 Critical2025-12-10
CVE-2025-41730 Stack-based buffer overflow via unsafe sscanf in check_account() — Indsutrial-Managed-SwitchesCWE-121 9.8 Critical2025-12-10
CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload — Video MerchantCWE-434 8.8 High2025-12-10
CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series — MXsecurity SeriesCWE-915 9.4AICriticalAI2025-12-10
CVE-2025-13339 Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read — Hippoo Mobile App for WooCommerceCWE-22 7.5 High2025-12-10
CVE-2025-13613 Elated Membership <= 1.2 - Authentication Bypass via Social Login — Elated MembershipCWE-289 9.8 Critical2025-12-10
CVE-2025-65824 Meatmeet Pro BBQ Thermometer 安全漏洞 — n/a 7.5AIHighAI2025-12-10

Vulnerabilities classified as access:pre-auth represent 21158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.