access:pre-auth — CVE vulnerabilities tagged (19065)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-1555 | WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload — WebStack (CWE-434) | 9.8 | Critical | 2026-04-15 |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®) (CWE-862) | 5.3 | Medium | 2026-04-15 |
| CVE-2026-2834 | Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter — Age Verification & Identity Verification by Token of Trust (CWE-79) | 7.2 | High | 2026-04-15 |
| CVE-2026-30994 | Slah CMS security vulnerability — n/a | 7.5 | - | 2026-04-15 |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure — 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery (CWE-862) | 5.3 | Medium | 2026-04-14 |
| CVE-2026-35033 | Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection — jellyfin (CWE-88) | 7.5 | - | 2026-04-14 |
| CVE-2026-34457 | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode — oauth2-proxy (CWE-290) | 9.1 | Critical | 2026-04-14 |
| CVE-2026-33146 | Docmost's Public Share Search Exposes Metadata of Restricted Children — docmost (CWE-285) | 4.3 | Medium | 2026-04-14 |
| CVE-2025-15565 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification — Nexi XPay (CWE-862) | 5.3 | Medium | 2026-04-14 |
| CVE-2026-39907 | Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP — WebPerfect Image Suite (CWE-73) | 9.8 | - | 2026-04-14 |
| CVE-2026-39906 | Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting — WebPerfect Image Suite (CWE-441) | 9.8 | - | 2026-04-14 |
| CVE-2026-34160 | Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services — chamilo-lms (CWE-306) | 8.6 | High | 2026-04-14 |
| CVE-2026-33715 | Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action — chamilo-lms (CWE-306) | 7.2 | High | 2026-04-14 |
| CVE-2026-5756 | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) — Central Office Services - Content Hosting Component | 9.8 | - | 2026-04-14 |
| CVE-2026-33096 | HTTP.sys Denial of Service Vulnerability — Windows 11 version 22H3 (CWE-125) | 7.5 | High | 2026-04-14 |
| CVE-2026-22828 | Fortinet FortiManager Cloud and Fortinet FortiAnalyzer Cloud security vulnerability — FortiAnalyzer Cloud (CWE-122) | 7.3 | High | 2026-04-14 |
| CVE-2026-23708 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise authorization issue vulnerability — FortiSOAR PaaS (CWE-287) | 6.7 | High | 2026-04-14 |
| CVE-2026-4832 | Schneider Electric multiple products trust management issue vulnerability — Easergy MiCOM P14x (CWE-798) | 7.5 | - | 2026-04-14 |
| CVE-2025-13822 | Authentication bypass in MCPHub — MCPHub (CWE-639) | 8.8 | - | 2026-04-14 |
| CVE-2026-33892 | Siemens Industrial Edge Management security vulnerability — Industrial Edge Management Pro V1 (CWE-305) | 7.1 | High | 2026-04-14 |
| CVE-2026-24032 | Siemens SINEC NMS data forgery issue vulnerability — SINEC NMS (CWE-347) | 7.3 | High | 2026-04-14 |
| CVE-2025-40745 | Siemens multiple products trust management issue vulnerability — Siemens Software Center (CWE-295) | 3.7 | Low | 2026-04-14 |
| CVE-2026-2582 | Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution — Germanized for WooCommerce (CWE-94) | 6.5 | Medium | 2026-04-14 |
| CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions — PraisonAI (CWE-306) | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CWE-79) | 7.2 | High | 2026-04-14 |
| CVE-2026-6264 | Critical Security fix for the Talend JobServer and Talend Runtime — Talend JobServer | 9.8 | Critical | 2026-04-14 |
| CVE-2026-4352 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter — JetEngine (CWE-89) | 7.5 | High | 2026-04-14 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 9.1 | Critical | 2026-04-14 |
| CVE-2026-34257 | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP — SAP NetWeaver Application Server ABAP (CWE-601) | 6.1 | Medium | 2026-04-14 |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) — SAP NetWeaver Application Server Java (Web Dynpro Java) (CWE-94) | 6.1 | Medium | 2026-04-14 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.