access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default — FastGPT (CWE-918) | 5.3 | Medium | 2026-04-10 |
| CVE-2026-40086 | Rembg has a Path Traversal via Custom Model Loading — rembg (CWE-22) | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35665 | OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing — OpenClaw (CWE-405) | 5.3 | Medium | 2026-04-10 |
| CVE-2026-5777 | Security Misconfiguration Vulnerability in Atom 3x Projector — Atom 3X Projector (CWE-306) | 8.8 | - | 2026-04-10 |
| CVE-2026-6057 | Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution — FalkorDB Browser (CWE-22) | 9.8 | - | 2026-04-10 |
| CVE-2026-4432 | YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR — YITH WooCommerce Wishlist | 5.3 | - | 2026-04-10 |
| CVE-2026-4305 | Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter — Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely (CWE-79) | 6.1 | Medium | 2026-04-10 |
| CVE-2026-1924 | Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset — Aruba HiSpeed Cache (CWE-352) | 4.3 | Medium | 2026-04-10 |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter — Tutor LMS – eLearning and online course solution (CWE-862) | 7.5 | High | 2026-04-10 |
| CVE-2026-4664 | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter — Customer Reviews for WooCommerce (CWE-287) | 5.3 | Medium | 2026-04-10 |
| CVE-2026-23782 | BMC Control-M/MFT security vulnerability — n/a | 9.8 | - | 2026-04-10 |
| CVE-2026-34424 | Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit — Smart Slider 3 Pro for WordPress (CWE-506) | 9.8 | Critical | 2026-04-09 |
| CVE-2026-5778 | Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path. — wolfSSL (CWE-191) | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-33784 | JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access — JSI LWC (CWE-1393) | 9.8 | Critical | 2026-04-09 |
| CVE-2026-33781 | Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed — Junos OS (CWE-754) | 6.5 | Medium | 2026-04-09 |
| CVE-2026-33778 | Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes — Junos OS (CWE-1286) | 7.5 | High | 2026-04-09 |
| CVE-2026-33774 | Junos OS: MX Series: Firewall filters on lo0.<non-0> in the default routing instance are not in effect — Junos OS (CWE-754) | 6.5 | Medium | 2026-04-09 |
| CVE-2026-33771 | CTP OS: Configuring password requirements does not work which permits the use of weak passwords — CTP OS (CWE-521) | 7.4 | High | 2026-04-09 |
| CVE-2025-13914 | Apstra: SSH host key validation vulnerability for managed devices — Apstra (CWE-322) | 8.7 | High | 2026-04-09 |
| CVE-2026-33797 | Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset — Junos OS (CWE-20) | 7.4 | High | 2026-04-09 |
| CVE-2026-33775 | Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd — Junos OS (CWE-401) | 6.5 | Medium | 2026-04-09 |
| CVE-2026-40151 | PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS — PraisonAI (CWE-200) | 5.3 | Medium | 2026-04-09 |
| CVE-2026-33782 | Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts — Junos OS (CWE-401) | 6.5 | Medium | 2026-04-09 |
| CVE-2026-33780 | Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald — Junos OS (CWE-401) | 6.5 | Medium | 2026-04-09 |
| CVE-2026-33773 | Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied — Junos OS (CWE-1419) | 5.8 | Medium | 2026-04-09 |
| CVE-2026-35640 | OpenClaw < 2026.3.25 - Denial of Service via Unauthenticated Webhook Request Parsing — OpenClaw (CWE-696) | 5.3 | Medium | 2026-04-09 |
| CVE-2026-35638 | OpenClaw < 2026.3.22 - Privilege Escalation via Self-Declared Scopes in Trusted-Proxy Control UI — OpenClaw (CWE-286) | 8.8 | High | 2026-04-09 |
| CVE-2026-35634 | OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway — OpenClaw (CWE-288) | 5.1 | Medium | 2026-04-09 |
| CVE-2026-35626 | OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook — OpenClaw (CWE-405) | 5.3 | Medium | 2026-04-09 |
| CVE-2025-59969 | Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart — Junos OS Evolved (CWE-120) | 6.5 | Medium | 2026-04-09 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.