Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21230

21230 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-57563 StarNet FastX 安全漏洞 — n/a 7.5AIHighAI2025-10-14
CVE-2025-57618 StarNet FastX 安全漏洞 — n/a 9.8AICriticalAI2025-10-14
CVE-2025-9713 Ivanti Endpoint Manager 路径遍历漏洞 — Endpoint ManagerCWE-22 8.8 High2025-10-13
CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests — omniCWE-703 5.3 Medium2025-10-13
CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload — text-generation-webuiCWE-59 6.2 Medium2025-10-13
CVE-2025-62170 rAthena map-server use-after-free vulnerability in RODEX — rathenaCWE-416 7.5 High2025-10-13
CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass — WP Private Content Plus 8.2AIHighAI2025-10-13
CVE-2025-11672 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication — Uniweb/SoliPACS WebServerCWE-306 5.3 Medium2025-10-13
CVE-2025-11671 EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication — Uniweb/SoliPACS WebServerCWE-306 5.3 Medium2025-10-13
CVE-2025-9265 API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products — NDICWE-346 7.5AIHighAI2025-10-13
CVE-2025-11652 UTT 进取 518G formTaskEdit_ap buffer overflow — 进取 518GCWE-120 8.8 High2025-10-13
CVE-2025-61884 Oracle E-Business Suite 安全漏洞 — Oracle Configurator 7.5 High2025-10-12
CVE-2025-10376 Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery — Course Redirects for Learndash PluginCWE-352 4.3 Medium2025-10-11
CVE-2025-10375 Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery — Web Accessibility by accessiBeCWE-352 4.3 Medium2025-10-11
CVE-2025-8484 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files — Code Quality Control ToolCWE-200 5.3 Medium2025-10-11
CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation — NewsupCWE-862 4.3 Medium2025-10-11
CVE-2025-9626 Page Blocks <= 1.1.0 - Cross-Site Request Forgery — Page BlocksCWE-352 4.3 Medium2025-10-11
CVE-2025-6439 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion — WooCommerce Designer ProCWE-22 9.8 Critical2025-10-11
CVE-2025-9621 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery — WidgetPack Comment SystemCWE-352 4.3 Medium2025-10-11
CVE-2025-11167 CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect — CM Registration – Tailored tool for seamless login and invitation-based registrationsCWE-601 4.7 Medium2025-10-11
CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation — WPC Smart Wishlist for WooCommerceCWE-639 5.3 Medium2025-10-11
CVE-2025-11254 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & StripeCWE-1236 4.3 Medium2025-10-11
CVE-2025-6553 Ovatheme Events Manager <= 1.8.5 - Unauthenticated Arbitrary File Upload — Ovatheme Events ManagerCWE-434 9.8 Critical2025-10-11
CVE-2025-9196 Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure — Trinity Audio – Text to Speech AI audio player to convert content into audioCWE-200 5.3 Medium2025-10-11
CVE-2025-11533 WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation — WP FreeioCWE-269 9.8 Critical2025-10-11
CVE-2025-11380 Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure — Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning PluginCWE-862 5.9 Medium2025-10-11
CVE-2025-62158 Frappe had attachments made by students to their assignments of type Text set to public — lmsCWE-200 7.5AIHighAI2025-10-10
CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin — better-authCWE-285 7.5AIHighAI2025-10-09
CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx — Project CenterCWE-294 5.9 Medium2025-10-09
CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access — Project CenterCWE-276 5.3 Medium2025-10-09

Vulnerabilities classified as access:pre-auth represent 21230 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.