Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-30048 Unauthenticated access to module configuration endpoint — CGM CLININETCWE-306 7.5AIHighAI2025-08-27
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs — CGM CLININETCWE-306 5.3AIMediumAI2025-08-27
CVE-2025-30039 Missing authentication in API returning a list of all active sessions — CGM CLININETCWE-306 9.8AICriticalAI2025-08-27
CVE-2025-30037 Missing authentication in APIs allowing data retrieval and modification — CGM CLININETCWE-306 7.5AIHighAI2025-08-27
CVE-2025-50972 AbanteCart 安全漏洞 — n/a 9.8 -2025-08-27
CVE-2025-50979 NodeBB 安全漏洞 — n/a 9.8 -2025-08-27
CVE-2025-50984 Diskover-web 安全漏洞 — n/a 7.5 -2025-08-27
CVE-2025-56694 lumasoft fotoShare Cloud 安全漏洞 — n/a 5.3 -2025-08-27
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WordPress Automatic PluginCWE-80 4.7 Medium2025-08-26
CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass — EG400Mk2-D11001-000101CWE-321 9.8 Critical2025-08-26
CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter — VibesCWE-89 7.5 High2025-08-26
CVE-2025-50971 AbanteCart 安全漏洞 — n/a 7.5AIHighAI2025-08-26
CVE-2025-50974 IPFire 安全漏洞 — n/a 9.8 -2025-08-26
CVE-2025-25734 Kapsch TrafficCom RIS-9260 RSU LEO和Kapsch TrafficCom RIS-9160 安全漏洞 — n/a 9.8 -2025-08-26
CVE-2025-25736 Kapsch TrafficCom RIS-9260 RSU LEO 安全漏洞 — n/a 9.8 -2025-08-26
CVE-2025-8627 Unauthenticated Protocol Commands on TP-Link KP303 — TP-Link KP303 (US) Smartplug 8.1AIHighAI2025-08-25
CVE-2025-53120 Securden Unified PAM Path Traversal In File Upload — Unified PAMCWE-22 9.4 Critical2025-08-25
CVE-2025-53119 Securden Unified PAM Unauthenticated Unrestricted File Upload — Unified PAMCWE-434 7.5 High2025-08-25
CVE-2025-53118 Securden Unified PAM Authentication Bypass — Unified PAMCWE-306 9.8 Critical2025-08-25
CVE-2025-7426 MINOVA TTA Information Disclosure and Credential Exposure — TTACWE-200 9.8AICriticalAI2025-08-25
CVE-2025-5514 Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ESCWE-130 5.3 Medium2025-08-25
CVE-2025-43960 Adminer 安全漏洞 — n/a 7.5 -2025-08-25
CVE-2025-50900 Rebuild 安全漏洞 — n/a 9.8AICriticalAI2025-08-25
CVE-2025-36157 IBM Engineering Lifecycle Management incorrect authorization — Engineering Lifecycle ManagementCWE-863 9.8 Critical2025-08-24
CVE-2025-5060 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover — Bravis UserCWE-288 8.1 High2025-08-23
CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login — Case Theme UserCWE-288 9.8 Critical2025-08-23
CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-918 7.2 High2025-08-23
CVE-2025-7821 WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation — WC PlusCWE-862 5.3 Medium2025-08-23
CVE-2025-7841 Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update — Sertifier Certificate & Badge Maker for WordPress – Tutor LMSCWE-352 4.3 Medium2025-08-23
CVE-2025-7839 Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery — Restore Permanently delete Post or Page DataCWE-352 4.3 Medium2025-08-23

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.