Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21102

21102 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-12721 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure — g-FFL CockpitCWE-862 5.3 Medium2025-12-06
CVE-2025-13137 Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting — Live Sales Notification for Woocommerce – WoomotivCWE-79 6.1 Medium2025-12-06
CVE-2025-13626 myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — myLCOCWE-79 6.1 Medium2025-12-06
CVE-2025-11263 Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting — Link Whisper FreeCWE-79 6.1 Medium2025-12-06
CVE-2025-12510 Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews — Widgets for Google ReviewsCWE-79 7.2 High2025-12-06
CVE-2025-46603 Dell CloudBoost Virtual Appliance 安全漏洞 — CloudBoost Virtual ApplianceCWE-307 7.0 High2025-12-05
CVE-2020-36882 Flexsense DiskBoss Application Crash Denial of Service — DiskBossCWE-434 7.5 -2025-12-05
CVE-2020-36881 Flexsense DiskBoss 'Add Input Directory' Buffer Overflow — DiskBossCWE-119 8.4 -2025-12-05
CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass — WISE-DeviceOn ServerCWE-321 9.8 -2025-12-05
CVE-2020-36879 Flexsense DiskBoss Service Unquoted Service Path Vulnerability — DiskBossCWE-428 9.8 -2025-12-05
CVE-2020-36878 ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure — ReQuest Serious Play Media PlayerCWE-73 7.5 -2025-12-05
CVE-2020-36877 ReQuest Serious Play F3 Media Server <= 7.0.3 code execution — ReQuest Serious Play ProCWE-78 9.8 -2025-12-05
CVE-2020-36876 ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020 — ReQuest Serious Play ProCWE-532 7.5 -2025-12-05
CVE-2025-14092 Edimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 os command injection — BR-6478AC V3CWE-78 4.7 Medium2025-12-05
CVE-2025-14090 AMTT Hotel Broadband Operation System cardmake_down.php sql injection — Hotel Broadband Operation SystemCWE-89 4.7 Medium2025-12-05
CVE-2025-13620 Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering — Wp Social Login and Register Social CounterCWE-862 5.3 Medium2025-12-05
CVE-2025-12876 Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — Projectopia – Project Management ToolCWE-862 5.3 Medium2025-12-05
CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation — User Generator and ImporterCWE-352 8.8 High2025-12-05
CVE-2025-12851 My auctions allegro <= 3.6.32 - Unauthenticated Local File Inclusion via controller — My auctions allegroCWE-98 8.1 High2025-12-05
CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion — WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product VendorsCWE-352 4.3 Medium2025-12-05
CVE-2025-13684 ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update — ARK Related PostsCWE-352 4.3 Medium2025-12-05
CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id — My auctions allegroCWE-89 7.5 High2025-12-05
CVE-2025-12093 Voidek Employee Portal <= 1.0.7 - Missing Authorization — Voidek Employee PortalCWE-862 5.3 Medium2025-12-05
CVE-2025-12355 Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update — PayazaCWE-862 5.3 Medium2025-12-05
CVE-2025-13515 Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Nouri.sh NewsletterCWE-79 6.1 Medium2025-12-05
CVE-2025-12374 Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover — User Verification by PickPluginsCWE-287 9.8 Critical2025-12-05
CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification — Torod – The smart shipping and delivery portal for e-shops and retailersCWE-352 4.3 Medium2025-12-05
CVE-2025-13528 Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter — Feedback Modal for WebsiteCWE-862 5.3 Medium2025-12-05
CVE-2025-12190 Image Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization — Image Optimizer by wps.skCWE-352 4.3 Medium2025-12-05
CVE-2025-12128 Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update — Hide Categories Or Products On Shop PageCWE-352 4.3 Medium2025-12-05

Vulnerabilities classified as access:pre-auth represent 21102 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.