access:pre-auth 类型相关 21230 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2025-11204 | WordPress plugin RegistrationMagic SQL注入漏洞 — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-89 | 7.2 | High | 2025-10-08 |
| CVE-2025-53967 | Framelink Figma MCP Server 安全漏洞 — Figma MCP ServerCWE-420 | 8.0 | High | 2025-10-08 |
| CVE-2025-43727 | Dell PowerProtect Data Domain 安全漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-303 | 7.5 | High | 2025-10-07 |
| CVE-2025-43909 | Dell PowerProtect Data Domain 加密问题漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-327 | 3.7 | Low | 2025-10-07 |
| CVE-2025-43913 | Dell PowerProtect Data Domain 加密问题漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-327 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-43912 | Dell PowerProtect Data Domain 安全漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-122 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-43891 | Dell PowerProtect Data Domain 加密问题漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-327 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-43889 | Dell PowerProtect Data Domain 路径遍历漏洞 — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseCWE-22 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-3449 | B&R Automation Runtime 安全漏洞 — Automation RuntimeCWE-340 | 4.2 | Medium | 2025-10-07 |
| CVE-2025-3450 | B&R Automation Runtime 安全漏洞 — Automation RuntimeCWE-413 | 10.0 | Critical | 2025-10-07 |
| CVE-2025-10645 | WordPress plugin WP Reset 日志信息泄露漏洞 — WP ResetCWE-532 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-10162 | WordPress plugin OrderConvo 安全漏洞 — Admin and Customer Messages After Order for WooCommerce: OrderConvo | 7.5AI | HighAI | 2025-10-07 |
| CVE-2025-57564 | CubeAPM 安全漏洞 — n/a | 6.5AI | MediumAI | 2025-10-07 |
| CVE-2025-36354 | IBM Security Verify Access和IBM Security Verify Access Docker 操作系统命令注入漏洞 — Security Verify Access ApplianceCWE-78 | 7.3 | High | 2025-10-06 |
| CVE-2025-61777 | Flag Forge 访问控制错误漏洞 — flagForgeCWE-200 | 9.4 | Critical | 2025-10-06 |
| CVE-2025-58579 | SICK AG Baggage Analytics 安全漏洞 — Baggage AnalyticsCWE-497 | 5.3 | Medium | 2025-10-06 |
| CVE-2025-9710 | WordPress plugin Responsive Lightbox & Gallery 安全漏洞 — Responsive Lightbox & Gallery | 6.1AI | MediumAI | 2025-10-06 |
| CVE-2025-11311 | Tipray Data Leakage Prevention System SQL注入漏洞 — Data Leakage Prevention System 天锐数据泄露防护系统CWE-89 | 7.3 | High | 2025-10-06 |
| CVE-2025-11284 | Zytec Central Authentication Service 安全漏洞 — Central Authentication ServiceCWE-259 | 7.3 | High | 2025-10-05 |
| CVE-2025-61882 | Oracle E-Business Suite 安全漏洞 — Oracle Concurrent Processing | 9.8 | Critical | 2025-10-05 |
| CVE-2025-9886 | WordPress plugin Trinity Audio 跨站请求伪造漏洞 — Trinity Audio – Text to Speech AI audio player to convert content into audioCWE-352 | 4.3 | Medium | 2025-10-04 |
| CVE-2025-9952 | WordPress plugin Trinity Audio 跨站脚本漏洞 — Trinity Audio – Text to Speech AI audio player to convert content into audioCWE-79 | 6.1 | Medium | 2025-10-04 |
| CVE-2025-9029 | WordPress plugin WDesignKit 安全漏洞 — WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget BuilderCWE-862 | 4.3 | Medium | 2025-10-04 |
| CVE-2025-11228 | WordPress plugin GiveWP 安全漏洞 — GiveWP – Donation Plugin and Fundraising PlatformCWE-862 | 5.3 | Medium | 2025-10-04 |
| CVE-2025-10746 | WordPress plugin Integrate Dynamics 365 CRM 访问控制错误漏洞 — Integrate Dynamics 365 CRMCWE-306 | 6.5 | Medium | 2025-10-04 |
| CVE-2025-9485 | WordPress plugin OAuth Single Sign On – SSO (OAuth Client) 数据伪造问题漏洞 — OAuth Single Sign On – SSO (OAuth Client)CWE-347 | 9.8 | Critical | 2025-10-04 |
| CVE-2025-11227 | WordPress plugin GiveWP 授权问题漏洞 — GiveWP – Donation Plugin and Fundraising PlatformCWE-285 | 6.5 | Medium | 2025-10-04 |
| CVE-2025-61679 | Anyquery 授权问题漏洞 — anyqueryCWE-200 | 7.7 | High | 2025-10-03 |
| CVE-2025-61673 | Karapace 访问控制错误漏洞 — karapaceCWE-306 | 8.6 | High | 2025-10-03 |
| CVE-2025-10695 | OpenSupports 安全漏洞 — OpenSupportsCWE-918 | 7.5AI | HighAI | 2025-10-03 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21230 条 CVE 漏洞。