Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21230

21230 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10003 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WPCWE-89 6.5 Medium2025-09-06
CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure — REHub - Price Comparison, Multi Vendor Marketplace Wordpress ThemeCWE-200 5.3 Medium2025-09-06
CVE-2025-7366 Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost — REHub - Price Comparison, Multi Vendor Marketplace Wordpress ThemeCWE-94 7.3 High2025-09-06
CVE-2025-58366 Onyxia private helm repository credentials are leaked through unauthenticated API — onyxiaCWE-522 9.1AICriticalAI2025-09-05
CVE-2025-41408 LY Yahoo! Shopping App 安全漏洞 — "Yahoo! Shopping" App for AndroidCWE-939 6.1AIMediumAI2025-09-05
CVE-2025-55037 TkEasyGUI 操作系统命令注入漏洞 — TkEasyGUICWE-78 9.8AICriticalAI2025-09-05
CVE-2025-9990 WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion — WordPress Helpdesk IntegrationCWE-98 8.1 High2025-09-05
CVE-2024-43184 IBM Jazz Foundation cross-site scripting — Jazz FoundationCWE-79 6.1 Medium2025-09-04
CVE-2025-7385 SQL Injection in GOV CMS — GOV CMSCWE-89 9.8AICriticalAI2025-09-04
CVE-2025-9616 PopAd <= 1.0.4 - Cross-Site Request Forgery to Settings Update — PopAdCWE-352 5.3 Medium2025-09-04
CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion — AI Engine – The Chatbot, AI Framework & MCP for WordPressCWE-862 6.5 Medium2025-09-03
CVE-2025-20291 Cisco Webex Meetings 输入验证错误漏洞 — Cisco Webex MeetingsCWE-601 4.3 Medium2025-09-03
CVE-2025-20335 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-284 5.3 Medium2025-09-03
CVE-2025-20336 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability — Cisco Session Initiation Protocol (SIP) SoftwareCWE-200 5.3 Medium2025-09-03
CVE-2025-20330 Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability — Cisco Unified Communications Manager IM and Presence ServiceCWE-79 6.1 Medium2025-09-03
CVE-2025-20326 Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability — Cisco Unified Communications ManagerCWE-352 4.3 Medium2025-09-03
CVE-2025-55944 Slink 安全漏洞 — n/a 6.1AIMediumAI2025-09-03
CVE-2024-58259 Rancher affected by unauthenticated Denial of Service — rancherCWE-770 8.2 High2025-09-02
CVE-2025-52551 Proprietary protocol allows for unauthenticated file operations — E2 Facility Management SystemCWE-306 9.8AICriticalAI2025-09-02
CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file — E3 Supervisory ControlCWE-434 6.1AIMediumAI2025-09-02
CVE-2025-52544 Arbitrary read file from the filesystem — E3 Supervisory ControlCWE-20 7.5AIHighAI2025-09-02
CVE-2025-41031 Multiple vulnerabilities in Deporsite by T-INNOVA — DeporsiteCWE-863 5.3AIMediumAI2025-09-02
CVE-2025-41030 Multiple vulnerabilities in Deporsite by T-INNOVA — DeporsiteCWE-863 5.3AIMediumAI2025-09-02
CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability — Web Help DeskCWE-502 9.8 Critical2025-09-01
CVE-2025-0656 IBM Concert Software cross-site scripting — Concert SoftwareCWE-79 6.1 Medium2025-09-01
CVE-2025-54857 Seikou202fSolutions SkyBridge BASIC MB-A130 操作系统命令注入漏洞 — SkyBridge BASIC MB-A130CWE-78 9.8 -2025-09-01
CVE-2025-7731 Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-319 7.5 High2025-09-01
CVE-2025-7405 Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-306 7.3 High2025-09-01
CVE-2025-9569 Sunnet|eHRD CTMS - Reflected Cross-site Scripting — eHRD CTMSCWE-79 6.1 Medium2025-09-01
CVE-2025-9568 Sunnet|eHRD CTMS - Reflected Cross-site Scripting — eHRD CTMSCWE-79 6.1 Medium2025-09-01

Vulnerabilities classified as access:pre-auth represent 21230 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.