
access:pre-auth — CVE vulnerabilities (19065 tagged)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24318 | Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform (CWE-539) | 4.2 | Medium | 2026-04-14 |
| CVE-2026-0512 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) — SAP Supplier Relationship Management (SICF Handler in SRM Catalog) (CWE-79) | 6.1 | Medium | 2026-04-14 |
| CVE-2025-65133 | School-Management-System security vulnerability — n/a | 7.5 | - | 2026-04-14 |
| CVE-2026-34069 | nimiq-consensus panics via RequestMacroChain micro-block locator — core-rs-albatross (CWE-617) | 5.3 | Medium | 2026-04-13 |
| CVE-2026-6220 | HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery — HummerRisk (CWE-918) | 4.7 | Medium | 2026-04-13 |
| CVE-2026-32271 | Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget — commerce (CWE-89) | 8.8 | - | 2026-04-13 |
| CVE-2026-32270 | Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments — commerce (CWE-200) | 5.3 | - | 2026-04-13 |
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution — Pachno (CWE-502) | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection — Pachno (CWE-403) | 9.8 | Critical | 2026-04-13 |
| CVE-2026-4810 | Remote Code Execution in Google Agent Development Kit (ADK) — Agent Development Kit (ADK) (CWE-306) | 9.8 | - | 2026-04-13 |
| CVE-2026-0233 | Autonomous Digital Experience Manager: Improper validation of ADEM certificate — Autonomous Digital Experience Manager (CWE-295) | 8.8 | - | 2026-04-13 |
| CVE-2026-0234 | Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration — Cortex XSOAR Microsoft Teams Marketplace (CWE-347) | 9.1 | - | 2026-04-13 |
| CVE-2026-3830 | Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi — Product Filter for WooCommerce by WBW | 9.8 | - | 2026-04-13 |
| CVE-2026-6161 | code-projects Simple ChatBox Endpoint insert.php sql injection — Simple ChatBox (CWE-89) | 7.3 | High | 2026-04-13 |
| CVE-2019-25709 | CF Image Hosting Script 1.6.5 Unauthorized Database Access — CF Image Hosting Script (CWE-552) | 9.8 | Critical | 2026-04-12 |
| CVE-2019-25706 | Across DR-810 ROM-0 Unauthenticated File Disclosure — DR-810 (CWE-538) | 7.5 | High | 2026-04-12 |
| CVE-2019-25697 | CMSsite 1.0 SQL Injection via category.php — CMSsite (CWE-89) | 8.2 | High | 2026-04-12 |
| CVE-2026-31845 | Rukovoditel CRM security vulnerability — Rukovoditel CRM (CWE-79) | 9.3 | Critical | 2026-04-11 |
| CVE-2026-5217 | Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter — Optimole – Optimize Images in Real Time (CWE-79) | 7.2 | High | 2026-04-11 |
| CVE-2026-5226 | Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL — Optimole – Optimize Images in Real Time (CWE-79) | 6.1 | Medium | 2026-04-11 |
| CVE-2026-4156 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability — Home Flex (CWE-121) | 8.8 (AI) | High (AI) | 2026-04-11 |
| CVE-2026-4149 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability — Era 300 (CWE-119) | 9.8 | - | 2026-04-11 |
| CVE-2026-5724 | Missing Authentication on Streaming gRPC Replication Endpoint — temporal (CWE-306) | 5.9 | - | 2026-04-10 |
| CVE-2026-40242 | Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint — arcane (CWE-918) | 7.2 | High | 2026-04-10 |
| CVE-2026-40189 | goshs has a file-based ACL authorization bypass in goshs state-changing routes — goshs (CWE-862) | 9.8 (AI) | Critical (AI) | 2026-04-10 |
| CVE-2026-33707 | Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms — chamilo-lms (CWE-640) | 9.4 | Critical | 2026-04-10 |
| CVE-2026-33705 | Chamilo LMS has unauthenticated access to Twig template source files exposes application logic — chamilo-lms (CWE-538) | 5.3 | Medium | 2026-04-10 |
| CVE-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/install folder — chamilo-lms (CWE-552) | 9.8 | - | 2026-04-10 |
| CVE-2026-33618 | Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings — chamilo-lms (CWE-95) | 8.8 | High | 2026-04-10 |
| CVE-2026-40163 | Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read — saltcorn (CWE-22) | 8.2 | High | 2026-04-10 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.