Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21234

21234 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-50690 SpatialReference.org 安全漏洞 — n/a 6.1AIMediumAI2025-08-13
CVE-2025-49457 Zoom Clients for Windows - Untrusted Search Path — Zoom Clients for WindowsCWE-426 9.6 Critical2025-08-12
CVE-2025-49456 Zoom Clients for Windows- Race Condition — Zoom Clients for WindowsCWE-426 6.2 Medium2025-08-12
CVE-2024-26009 Fortinet多款产品 安全漏洞 — FortiProxyCWE-288 7.9 High2025-08-12
CVE-2025-52970 Fortinet FortiWeb 安全漏洞 — FortiWebCWE-233 7.7 High2025-08-12
CVE-2025-25256 Fortinet FortiSIEM 操作系统命令注入漏洞 — FortiSIEMCWE-78 9.8 Critical2025-08-12
CVE-2025-27576 Intel Tiber Edge Platform Edge Orchestrator 资源管理错误漏洞 — Edge Orchestrator software 2.9 Low2025-08-12
CVE-2025-24921 Intel Tiber Edge Platform Edge Orchestrator 安全漏洞 — Edge Orchestrator software 6.6 Medium2025-08-12
CVE-2025-24840 Intel Tiber Edge Platform Edge Orchestrator 访问控制错误漏洞 — Edge Orchestrator software 5.8 Medium2025-08-12
CVE-2025-20625 Intel PROSet/Wireless WiFi Software 代码问题漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 7.4 High2025-08-12
CVE-2025-5462 Ivanti多款产品 安全漏洞 — Connect SecureCWE-122 7.5 High2025-08-12
CVE-2025-5456 Ivanti多款产品 缓冲区错误漏洞 — Connect SecureCWE-125 7.5 High2025-08-12
CVE-2025-30034 Siemens SIMATIC RTLS Locating Manager 安全漏洞 — SIMATIC RTLS Locating ManagerCWE-617 6.2 Medium2025-08-12
CVE-2024-52504 Siemens多款产品 代码问题漏洞 — SIPROTEC 4 6MD61CWE-754 7.5 High2025-08-12
CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read — UiCore Elements – Free widgets and templates for ElementorCWE-862 7.5 High2025-08-12
CVE-2025-8059 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function — bBlocks – Essential Gutenberg Blocks & Patterns CollectionCWE-862 9.8 Critical2025-08-12
CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure — WP Private Content PlusCWE-200 5.3 Medium2025-08-12
CVE-2025-42975 Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document) — SAP NetWeaver Application Server ABAP (BIC Document)CWE-79 6.1 Medium2025-08-12
CVE-2025-42948 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform — SAP NetWeaver ABAP PlatformCWE-79 6.1 Medium2025-08-12
CVE-2025-42942 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAPCWE-79 6.1 Medium2025-08-12
CVE-2025-54992 OpenKilda XXE in SAML configuration — open-kildaCWE-611 7.5AIHighAI2025-08-11
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin — Mattermost Confluence PluginCWE-306 7.2 High2025-08-11
CVE-2025-49221 Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin — Mattermost Confluence PluginCWE-862 3.7 Low2025-08-11
CVE-2025-8866 YugabyteDB 安全漏洞 — YugabyteDB AnywhereCWE-200 5.3AIMediumAI2025-08-11
CVE-2012-10038 Auxilium RateMyPet Arbitrary File Upload RCE — RateMyPetCWE-434 9.8AICriticalAI2025-08-11
CVE-2025-8853 2100 Technology|Official Document Management System - Authentication Bypass — Official Document Management SystemCWE-290 9.8 Critical2025-08-11
CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization — fedifyCWE-287 9.8 -2025-08-09
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-639 8.8 High2025-08-08
CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload — XODACWE-434 9.8 -2025-08-08
CVE-2012-10041 WAN Emulator v2.3 Command Execution — WAN EmulatorCWE-78 9.8 -2025-08-08

Vulnerabilities classified as access:pre-auth represent 21234 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.