目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21230

access:pre-auth 类型相关 21230 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-55143 Ivanti多款产品 跨站脚本漏洞 — Connect SecureCWE-79 6.1 Medium2025-09-09
CVE-2025-55147 Ivanti多款产品 跨站请求伪造漏洞 — Connect SecureCWE-352 8.8 High2025-09-09
CVE-2025-8711 Ivanti多款产品 跨站请求伪造漏洞 — Connect SecureCWE-352 5.4 Medium2025-09-09
CVE-2025-9872 Ivanti Endpoint Manager 安全漏洞 — Endpoint ManagerCWE-434 8.8 High2025-09-09
CVE-2025-9712 Ivanti Endpoint Manager 安全漏洞 — Endpoint ManagerCWE-434 8.8 High2025-09-09
CVE-2025-10183 XML External Entity Injection in TecConnect 4.1 — TecConnectCWE-611 9.1 Critical2025-09-09
CVE-2025-7350 Rockwell Automation Stratix® IOS Cross-Site Request Forgery to Code Execution Vulnerability — Stratix IOSCWE-74 9.8AICriticalAI2025-09-09
CVE-2025-41701 Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering — TE1000 | TwinCAT 3 EnineeringCWE-502 7.8 High2025-09-09
CVE-2025-40803 Siemens RUGGEDCOM RST2428P 信息泄露漏洞 — RUGGEDCOM RST2428PCWE-200 3.1 Low2025-09-09
CVE-2025-40798 Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125 7.5 High2025-09-09
CVE-2025-40797 Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125 7.5 High2025-09-09
CVE-2025-40796 Siemens SIMATIC PCS neo 缓冲区错误漏洞 — SIMATIC PCS neo V4.1CWE-125 7.5 High2025-09-09
CVE-2025-40795 Siemens SIMATIC PCS neo 安全漏洞 — SIMATIC PCS neo V4.1CWE-121 9.8 Critical2025-09-09
CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Goza - Nonprofit Charity WordPress ThemeCWE-73 9.1 Critical2025-09-09
CVE-2025-10123 D-Link DIR-823X set_static_leases sub_415028 command injection — DIR-823XCWE-77 7.3 High2025-09-09
CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4) — SAP Netweaver (RMI-P4)CWE-502 10.0 Critical2025-09-09
CVE-2025-42938 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform — SAP NetWeaver ABAP PlatformCWE-79 6.1 Medium2025-09-09
CVE-2025-42926 Missing Authentication check in SAP NetWeaver Application Server Java — SAP NetWeaver Application Server JavaCWE-306 5.3 Medium2025-09-09
CVE-2025-42920 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management — SAP Supplier Relationship ManagementCWE-79 6.1 Medium2025-09-09
CVE-2025-57633 FTP-Flask-python 安全漏洞 — n/a 9.8AICriticalAI2025-09-09
CVE-2025-10103 code-projects Online Event Judging System home.php sql injection — Online Event Judging SystemCWE-89 7.3 High2025-09-08
CVE-2025-9113 Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload — Doccure CoreCWE-434 9.8 Critical2025-09-08
CVE-2025-9114 Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change — DoccureCWE-639 9.8 Critical2025-09-08
CVE-2025-5993 Path Traversal in ITCube CRM — ITCube CRMCWE-22 7.5AIHighAI2025-09-08
CVE-2025-41708 Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface — CC612CWE-319 7.4 High2025-09-08
CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF — Ditty 5.3AIMediumAI2025-09-08
CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump — fogprojectCWE-306 9.8AICriticalAI2025-09-06
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action — Cloud SAML SSO – Single Sign On LoginCWE-306 6.5 Medium2025-09-06
CVE-2025-7040 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action — Cloud SAML SSO – Single Sign On LoginCWE-862 8.2 High2025-09-06
CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin — AdForestCWE-288 9.8 Critical2025-09-06

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21230 条 CVE 漏洞。