Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-9991 Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion — Tiny Bootstrap Elements LightCWE-98 8.1 High2025-09-30
CVE-2025-9762 Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments — Post By EmailCWE-78 9.8 Critical2025-09-30
CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution — Copypress Rest APICWE-321 9.8 Critical2025-09-30
CVE-2025-55797 FormCMS 安全漏洞 — n/a 5.3AIMediumAI2025-09-30
CVE-2025-56132 Liquidfiles 安全漏洞 — n/a 5.3AIMediumAI2025-09-30
CVE-2025-34221 Vasion Print (formerly PrinterLogic) — Print Virtual Appliance HostCWE-306 10.0AICriticalAI2025-09-29
CVE-2025-34215 Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34224 Vasion Print (formerly PrinterLogic) Unauthenticated Device Modification — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34220 Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information — Print Virtual Appliance HostCWE-306 5.3AIMediumAI2025-09-29
CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34228 Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34229 Vasion Print (formerly PrinterLogic) Blind SSRF via HP installApp.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34230 Vasion Print (formerly PrinterLogic) Blind SSRF via HP log_off_single_sign_on.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34231 Vasion Print (formerly PrinterLogic) SSRF via HP badgeSetup.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34225 Vasion Print (formerly PrinterLogic) SSRF via console_release Directory — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API — Print Virtual Appliance HostCWE-306 9.8AICriticalAI2025-09-29
CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials — Print Virtual Appliance HostCWE-798 9.8AICriticalAI2025-09-29
CVE-2025-34218 Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance — Print Virtual Appliance HostCWE-306 5.8AIMediumAI2025-09-29
CVE-2025-34232 Vasion Print (formerly PrinterLogic) Blind SSRF via Lexmark dellCheck.php — Print Virtual Appliance HostCWE-306 9.1AICriticalAI2025-09-29
CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id — Enterprise HealthCWE-79 4.3 Medium2025-09-29
CVE-2025-35030 Medical Informatics Engineering Enterprise Health cross site request forgery — Enterprise HealthCWE-352 8.1 High2025-09-29
CVE-2025-41252 Username enumeration vulnerability — NSXCWE-203 7.5 High2025-09-29
CVE-2025-41251 Weak password recovery vulnerability — NSXCWE-640 8.1 High2025-09-29
CVE-2025-57872 BUG-000174150 - Unvalidated redirect in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57878 BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57879 BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2025-09-29
CVE-2025-57266 ThriveX-Blog 安全漏洞 — n/a 7.5AIHighAI2025-09-29
CVE-2025-8014 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 7.5 High2025-09-27
CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update — VM Menu Reorder pluginCWE-352 4.3 Medium2025-09-27
CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending — Professional Contact FormCWE-352 4.3 Medium2025-09-27

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.