目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21230

access:pre-auth 类型相关 21230 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-20334 Cisco IOS XE 命令注入漏洞 — Cisco IOS XE SoftwareCWE-77 8.8 High2025-09-24
CVE-2025-20339 Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability — Cisco SD-WAN vEdge CloudCWE-284 5.8 Medium2025-09-24
CVE-2025-20365 Cisco Access Point Software 安全漏洞 — Cisco Aironet Access Point Software (IOS XE Controller)CWE-940 4.3 Medium2025-09-24
CVE-2025-20364 Cisco Wireless LAN Controller 安全漏洞 — Cisco Aironet Access Point Software (IOS XE Controller)CWE-346 4.3 Medium2025-09-24
CVE-2025-9054 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler' — MultiLoca - WooCommerce Multi Locations Inventory ManagementCWE-862 9.8 Critical2025-09-24
CVE-2025-41716 Unauthenticated User Enumeration via Missing Authentication — Solution BuilderCWE-306 5.3 Medium2025-09-24
CVE-2025-41715 Missing Authentication for Database Access in Web Application — Device SphereCWE-306 9.8 Critical2025-09-24
CVE-2025-56241 Aztech DSL5005EN 安全漏洞 — n/a 9.8AICriticalAI2025-09-24
CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release — CLICK PLUS C0-0x CPU firmwareCWE-404 5.9 Medium2025-09-23
CVE-2025-58473 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release — CLICK PLUS C0-0x CPU firmwareCWE-404 5.9 Medium2025-09-23
CVE-2025-9965 UDP Service Weak Authentication — P series (P07, P10, P12, P15)CWE-287 9.1AICriticalAI2025-09-23
CVE-2025-10412 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' — Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)CWE-434 9.8 Critical2025-09-23
CVE-2025-10147 Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload — Podlove Podcast PublisherCWE-434 9.8 Critical2025-09-23
CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability — Web Help DeskCWE-502 9.8 Critical2025-09-23
CVE-2025-9321 WPCasa <= 1.4.1 - Unauthenticated Code Injection — WPCasaCWE-94 9.8 Critical2025-09-23
CVE-2025-59559 WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability — Payrexx Payment Gateway for WooCommerceCWE-862 4.3 Medium2025-09-22
CVE-2025-58668 WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability — WPLMSCWE-862 4.3 Medium2025-09-22
CVE-2025-10793 code-projects E-Commerce Website admin_account_delete.php sql injection — E-Commerce WebsiteCWE-89 7.3 High2025-09-22
CVE-2025-57432 Blackmagic Design Web Presenter 安全漏洞 — n/a 6.5AIMediumAI2025-09-22
CVE-2025-57437 Blackmagic Design Web Presenter HD 安全漏洞 — n/a 5.3AIMediumAI2025-09-22
CVE-2025-57440 Blackmagic Design ATEM Mini Pro 安全漏洞 — n/a 8.8AIHighAI2025-09-22
CVE-2025-57441 Blackmagic Design ATEM Mini Pro 安全漏洞 — n/a 7.5AIHighAI2025-09-22
CVE-2025-10760 Harness lookup_repo.go LookupRepo server-side request forgery — HarnessCWE-918 6.3 Medium2025-09-21
CVE-2025-9883 Browser Sniff <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Browser SniffCWE-352 6.1 Medium2025-09-20
CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery — Custom Login And Signup WidgetCWE-352 4.3 Medium2025-09-20
CVE-2025-9882 osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — osTicket WP BridgeCWE-352 6.1 Medium2025-09-20
CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover — SupportCandy – Helpdesk & Customer Support Ticket SystemCWE-307 6.5 Medium2025-09-20
CVE-2025-9949 Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery — Internal Links ManagerCWE-352 4.3 Medium2025-09-20
CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page — Crypto Application Server (CAS)CWE-306 9.8 -2025-09-19
CVE-2025-26516 CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) — StorageGRIDCWE-405 5.3 Medium2025-09-19

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21230 条 CVE 漏洞。