Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability — FactoryTalk® Action ManagerCWE-200 6.5AIMediumAI2025-08-14
CVE-2025-54697 WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability — Kadence WooCommerce Email DesignerCWE-266 7.2 High2025-08-14
CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers 9.8 Critical2025-08-14
CVE-2025-48861 BOSCH ctrlX OS 安全漏洞 — ctrlX OS - SetupCWE-284 5.3 Medium2025-08-14
CVE-2025-43983 KuWFi CPF908-CP5 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-43984 KuWFi GC111 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-50861 Altus Cars Lotus Cars Android app 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read — UnForm Server ManagerCWE-22 8.6AIHighAI2025-08-13
CVE-2011-10011 WeBid 1.0.2 converter.php Remote PHP Code Injection — WeBidCWE-94 9.8AICriticalAI2025-08-13
CVE-2012-10054 Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE — CMSCWE-434 9.8AICriticalAI2025-08-13
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE — Issue Tracking SystemCWE-94 9.8AICriticalAI2025-08-13
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE — SpreecommerceCWE-94 9.8AICriticalAI2025-08-13
CVE-2011-10009 S40 CMS 0.4.2 Path Traversal — S40 CMSCWE-22 7.5AIHighAI2025-08-13
CVE-2012-10055 ComSndFTP v1.3.7 Beta USER Format String RCE — FTP ServerCWE-134 9.8AICriticalAI2025-08-13
CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 6.5 Medium2025-08-13
CVE-2025-34153 Hyland OnBase < 17.0.2.87 .NET Remoting TCP Channel Unauthenticated RCE — OnBaseCWE-502 9.8AICriticalAI2025-08-13
CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability — NGINX PlusCWE-125 3.7 Low2025-08-13
CVE-2025-52585 BIG-IP Client SSL profile vulnerability — BIG-IPCWE-476 7.5 High2025-08-13
CVE-2025-8914 WellChoose|Organization Portal System - SQL Injection — Organization Portal SystemCWE-89 6.5 Medium2025-08-13
CVE-2025-8913 WellChoose|Organization Portal System - Local File Inclusion — Organization Portal SystemCWE-98 9.8 Critical2025-08-13
CVE-2025-8912 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal — Organization Portal SystemCWE-36 7.5 High2025-08-13
CVE-2025-8911 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-8910 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion — Database for Contact Form 7, WPforms, Elementor formsCWE-502 9.8 Critical2025-08-13
CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion — File Manager Pro – FilesterCWE-22 6.5 Medium2025-08-13
CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload — Easy restaurant menu managerCWE-352 4.3 Medium2025-08-13
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation — OceanWPCWE-352 4.3 Medium2025-08-13
CVE-2025-43986 KuWFi GC111 安全漏洞 — n/a 7.5AIHighAI2025-08-13
CVE-2025-43988 KuWFi 5G01-X55 安全漏洞 — n/a 9.8AICriticalAI2025-08-13
CVE-2025-43989 Tuoshi NR500-EA 安全漏洞 — n/a 9.8AICriticalAI2025-08-13

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.