Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-11240 Open redirect vulnerability in KNIME Business Hub — KNIME Business HubCWE-601 6.1 -2025-10-02
CVE-2025-40645 Exposure of sensitive information in Viday — ViDayCWE-200 7.5AIHighAI2025-10-02
CVE-2025-54291 Project existence disclosure in LXD images API — LXDCWE-209 5.3AIMediumAI2025-10-02
CVE-2025-54290 Project Existence Disclosure via Error Handling in LXD Image Export — LXDCWE-200 5.3AIMediumAI2025-10-02
CVE-2025-9697 Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection — Ajax WooSearch 9.8AICriticalAI2025-10-02
CVE-2025-9587 CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection — CTL Behance Importer Lite 9.8AICriticalAI2025-10-02
CVE-2025-56019 Agasta Easytouch Plus 安全漏洞 — n/a 6.5AIMediumAI2025-10-02
CVE-2025-56161 Yoshop 安全漏洞 — n/a 7.5AIHighAI2025-10-02
CVE-2025-56162 Yoshop 安全漏洞 — n/a 9.8AICriticalAI2025-10-02
CVE-2025-59403 Flock Safety Android Collins 安全漏洞 — n/a 9.8AICriticalAI2025-10-02
CVE-2023-28760 TP-Link AX1800 安全漏洞 — n/a 8.8AIHighAI2025-10-02
CVE-2025-61582 Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input — ts3-managerCWE-20 7.5 High2025-10-01
CVE-2025-54811 OpenPLC_V3 — OpenPLC_V3CWE-758 7.1 High2025-10-01
CVE-2025-59538 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook — argo-cdCWE-248 7.5 High2025-10-01
CVE-2025-59531 Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload — argo-cdCWE-703 7.5 High2025-10-01
CVE-2025-8679 ExtremeGuest Essentials Captive Portal Unauthenticated Brute Force — ExtremeGuest EssentialsCWE-307 8.2AIHighAI2025-10-01
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise — Splunk EnterpriseCWE-918 7.5 High2025-10-01
CVE-2020-36852 Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping — Custom Searchable Data Entry SystemCWE-862 9.1 Critical2025-10-01
CVE-2025-9512 Schema & Structured Data for WP & AMP < 1.50 - Unauthenticated Stored-XSS — Schema & Structured Data for WP & AMP 6.1AIMediumAI2025-10-01
CVE-2025-10735 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery — Block for Mailchimp – Add Email Subscription Forms and Collect LeadsCWE-918 4.0 Medium2025-10-01
CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure — File Manager, Code Editor, and Backup by ManagefyCWE-200 5.9 Medium2025-10-01
CVE-2025-10659 MegaSys Enterprises Telenium Online Web Application OS Command Injection — Telenium Online Web Application:CWE-78 9.8 Critical2025-09-30
CVE-2025-8120 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-7065 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-7063 Remote Code Execution via Unrestricted File Upload in PAD CMS — PAD CMSCWE-434 9.8AICriticalAI2025-09-30
CVE-2025-8877 AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection — AffiliateWPCWE-89 7.5 High2025-09-30
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-288 8.2 High2025-09-30
CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 8.8 High2025-09-30
CVE-2025-9946 LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — LockerPress – WordPress Security PluginCWE-352 6.1 Medium2025-09-30
CVE-2025-9948 Chat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings Update — Chat by ChatweeCWE-352 4.3 Medium2025-09-30

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.