Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Last.fm Recent Album ArtworkCWE-352 6.1 Medium2025-08-16
CVE-2024-12612 School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection — School Management System for WordpressCWE-89 7.5 High2025-08-16
CVE-2024-12575 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-200 5.3 Medium2025-08-16
CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin — Apache OFBizCWE-94 9.8AICriticalAI2025-08-15
CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Add User MetaCWE-352 6.1 Medium2025-08-15
CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function — Icons FactoryCWE-285 9.8 Critical2025-08-15
CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure — EventON – Events CalendarCWE-200 4.3 Medium2025-08-15
CVE-2025-7641 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion — Assistant for NextGEN GalleryCWE-22 7.5 High2025-08-15
CVE-2025-6679 Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload — Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builderCWE-434 9.8 Critical2025-08-15
CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts — Order Tip for WooCommerceCWE-602 7.5 High2025-08-15
CVE-2025-8342 WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass — OTP Login With Phone Number, OTP VerificationCWE-862 8.1 High2025-08-15
CVE-2025-20268 Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-229 5.8 Medium2025-08-14
CVE-2025-20265 Cisco Secure Firewall Management Center Software Radius Remote Code Execution Vulnerability — Cisco Firepower Management CenterCWE-74 10.0 Critical2025-08-14
CVE-2025-20254 Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 5.8 Medium2025-08-14
CVE-2025-20263 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-680 8.6 High2025-08-14
CVE-2025-20253 Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-835 8.6 High2025-08-14
CVE-2025-20252 Cisco Secure Firewall Management Center和Cisco Secure Firewall Adaptive Security Appliance 安全漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 5.8 Medium2025-08-14
CVE-2025-20243 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-835 8.6 High2025-08-14
CVE-2025-20239 Cisco多款产品 安全漏洞 — IOSCWE-401 8.6 High2025-08-14
CVE-2025-20225 Cisco多款产品 安全漏洞 — IOSCWE-401 5.8 Medium2025-08-14
CVE-2025-20235 Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerability — Cisco Firepower Management CenterCWE-79 6.1 Medium2025-08-14
CVE-2025-20224 Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 5.8 Medium2025-08-14
CVE-2025-20222 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Buffer Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-120 8.6 High2025-08-14
CVE-2025-20219 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-284 5.3 Medium2025-08-14
CVE-2025-20217 Cisco Firepower Threat Defense Intrusion Detection Denial of Service Vulnerability — Cisco Firepower Threat Defense SoftwareCWE-835 8.6 High2025-08-14
CVE-2025-20136 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-835 8.6 High2025-08-14
CVE-2025-20135 Cisco Adaptive Security Appliance and Firepower Threat Defense Software DHCP Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 4.3 Medium2025-08-14
CVE-2025-20133 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 8.6 High2025-08-14
CVE-2025-20134 Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-415 8.6 High2025-08-14
CVE-2025-40758 Siemens Mendix SAML 数据伪造问题漏洞 — Mendix SAML (Mendix 10.12 compatible)CWE-347 8.7 High2025-08-14

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.