access:pre-auth — CVE vulnerabilities tagged: 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3595 | Riaxe Product Customizer <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter — Riaxe Product Customizer CWE-862 | 5.3 | Medium | 2026-04-16 |
| CVE-2026-3596 | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action — Riaxe Product Customizer CWE-862 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-4032 | CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode — CodeColorer CWE-79 | 6.1 | Medium | 2026-04-16 |
| CVE-2026-6351 | Openfind\|MailGates/MailAudit - CRLF Injection — MailGates CWE-93 | 7.5 | High | 2026-04-16 |
| CVE-2026-6350 | Openfind\|MailGates/MailAudit - Stack-based Buffer Overflow — MailGates CWE-121 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-6349 | HGiga\|iSherlock - OS Command Injection — iSherlock-base-4.5 CWE-78 | 9.8 | Critical | 2026-04-16 |
| CVE-2026-37100 | Yamaha SR-B30A security vulnerability — n/a | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-30459 | FUEL CMS security vulnerability — n/a | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication — Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) CWE-269 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-40245 | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication — free5gc CWE-200 | 7.5 | High | 2026-04-15 |
| CVE-2026-40173 | Dgraph: Unauthenticated pprof endpoint leaks admin auth token — dgraph CWE-200 | 9.4 | Critical | 2026-04-15 |
| CVE-2026-39857 | Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions — apostrophe CWE-200 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API — apostrophe CWE-863 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint — apostrophe CWE-208 | 3.7 | Low | 2026-04-15 |
| CVE-2026-5189 | Nexus Repository 3 - Hardcoded Credential in Internal Database Component — Nexus Repository CWE-798 | 9.8 | - | 2026-04-15 |
| CVE-2026-20059 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability — Cisco Unity Connection CWE-79 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20060 | Cisco Unity Connection Open Redirect Vulnerability — Cisco Unity Connection CWE-601 | 4.7 | Medium | 2026-04-15 |
| CVE-2026-20170 | Cisco Webex Contact Center security vulnerability — Cisco Webex Contact Center CWE-80 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20184 | Cisco Webex Meetings Certificate Validation Vulnerability — Cisco Webex Meetings CWE-295 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-20152 | Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability — Cisco Secure Web Appliance CWE-305 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization — Pipeline Simulation 2025 CWE-862 | 9.8 | - | 2026-04-15 |
| CVE-2026-1852 | Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion — Product Pricing Table by WooBeWoo CWE-352 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) — @fastify/express CWE-436 | 9.1 | - | 2026-04-15 |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API — Accessibly – WordPress Website Accessibility CWE-79 | 7.2 | High | 2026-04-15 |
| CVE-2026-1782 | MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' — MetForm Pro CWE-20 | 5.3 | Medium | 2026-04-15 |
| CVE-2026-4091 | OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery — OPEN-BRAIN CWE-352 | 6.1 | Medium | 2026-04-15 |
| CVE-2026-3461 | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email — Visa Acceptance Solutions CWE-288 | 9.8 | Critical | 2026-04-15 |
| CVE-2026-4002 | Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action — Petje.af CWE-352 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-5694 | Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting — Quick Interest Slider CWE-79 | 7.2 | High | 2026-04-15 |
| CVE-2026-6293 | Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter — Inquiry form to posts or pages CWE-352 | 4.3 | Medium | 2026-04-15 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.