Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation — User SyncCWE-352 4.3 Medium2025-09-17
CVE-2025-9629 USS Upyun <= 1.5.0 - Cross-Site Request Forgery — USS UpyunCWE-352 4.3 Medium2025-09-17
CVE-2025-37124 Unauthenticated Access Vulnerability allows Transit Traffic Misrouting in SD-WAN Edge Interface — HPE Aruba Networking EdgeConnect SD-WAN Gateway 8.6 High2025-09-16
CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection — EVE X1 ServerCWE-78 9.8AICriticalAI2025-09-16
CVE-2025-34183 Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure — EVE X1 ServerCWE-532 9.8AICriticalAI2025-09-16
CVE-2025-59270 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse — psPASCWE-757 3.1 Low2025-09-16
CVE-2009-20006 osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution — osCommerceCWE-434 9.8AICriticalAI2025-09-16
CVE-2025-9808 The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure — The Events CalendarCWE-200 5.3 Medium2025-09-16
CVE-2025-30468 Apple iOS和Apple iPadOS 安全漏洞 — iOS and iPadOS 4.6AIMediumAI2025-09-15
CVE-2025-59361 OS command injection in Chaos Mesh via the cleanIptables mutation CWE-78 9.8 Critical2025-09-15
CVE-2025-59360 OS command injection in Chaos Mesh via the killProcesses mutation CWE-78 9.8 Critical2025-09-15
CVE-2025-59359 OS command injection in Chaos Mesh via the cleanTcs mutation CWE-78 9.8 Critical2025-09-15
CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server CWE-306 7.5 High2025-09-15
CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit — CC100 0751-9301CWE-1188 6.5 Medium2025-09-15
CVE-2025-10453 PilotGaea Technologies|O'View MapServer - Server-Side Request Forgery — O'View MapServerCWE-918 5.3 Medium2025-09-15
CVE-2025-10452 Gotac|Statistical Database System - Missing Authentication — Statistical Database SystemCWE-306 9.8 Critical2025-09-15
CVE-2025-52053 TOTOLINK X6000R 安全漏洞 — n/a 9.8AICriticalAI2025-09-15
CVE-2025-57174 Ceragon EtherHaul series 安全漏洞 — n/a 9.8AICriticalAI2025-09-15
CVE-2025-57176 Ceragon EtherHaul series 安全漏洞 — EtherHaul and MultiHaul Series microwave antennasCWE-434 6.5 Medium2025-09-15
CVE-2025-10397 Magicblack MacCMS API server-side request forgery — MacCMSCWE-918 4.7 Medium2025-09-14
CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover — FlowiseCWE-306 9.8 Critical2025-09-12
CVE-2025-10364 Unauthenticated Arbitrary Command Injection in Evertz SDVN — 3080ipx-10GCWE-77 9.8 -2025-09-12
CVE-2025-10365 Authentication Bypass in Evertz SDVN — 3080ipx-10GCWE-287 9.8 -2025-09-12
CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication — NUP PortalCWE-306 5.3 Medium2025-09-12
CVE-2025-10266 NewType Infortech|NUP Portal - SQL Injection — NUP PortalCWE-89 9.8 Critical2025-09-12
CVE-2025-10264 Digiever|NVR - Exposure of Sensitive Information — DS-1200CWE-497 10.0 Critical2025-09-12
CVE-2025-9881 Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Ultimate BlogrollCWE-352 6.1 Medium2025-09-12
CVE-2025-9880 Side Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Side Slide Responsive MenuCWE-352 6.1 Medium2025-09-12
CVE-2025-9807 The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection — The Events CalendarCWE-89 7.5 High2025-09-12
CVE-2025-45584 Audi UTR 2.0 安全漏洞 — n/a 5.3 -2025-09-12

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.