目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21327

access:pre-auth 类型相关 21327 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-20133 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-401 8.6 High2025-08-14
CVE-2025-20134 Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-415 8.6 High2025-08-14
CVE-2025-40758 Siemens Mendix SAML 数据伪造问题漏洞 — Mendix SAML (Mendix 10.12 compatible)CWE-347 8.7 High2025-08-14
CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability — FactoryTalk® Action ManagerCWE-200 6.5AIMediumAI2025-08-14
CVE-2025-54697 WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability — Kadence WooCommerce Email DesignerCWE-266 7.2 High2025-08-14
CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers 9.8 Critical2025-08-14
CVE-2025-48861 BOSCH ctrlX OS 安全漏洞 — ctrlX OS - SetupCWE-284 5.3 Medium2025-08-14
CVE-2025-43983 KuWFi CPF908-CP5 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-43984 KuWFi GC111 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-50861 Altus Cars Lotus Cars Android app 安全漏洞 — n/a 9.8AICriticalAI2025-08-14
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read — UnForm Server ManagerCWE-22 8.6AIHighAI2025-08-13
CVE-2011-10011 WeBid 1.0.2 converter.php Remote PHP Code Injection — WeBidCWE-94 9.8AICriticalAI2025-08-13
CVE-2012-10054 Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE — CMSCWE-434 9.8AICriticalAI2025-08-13
CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE — Issue Tracking SystemCWE-94 9.8AICriticalAI2025-08-13
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE — SpreecommerceCWE-94 9.8AICriticalAI2025-08-13
CVE-2011-10009 S40 CMS 0.4.2 Path Traversal — S40 CMSCWE-22 7.5AIHighAI2025-08-13
CVE-2012-10055 ComSndFTP v1.3.7 Beta USER Format String RCE — FTP ServerCWE-134 9.8AICriticalAI2025-08-13
CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab — GitLabCWE-770 6.5 Medium2025-08-13
CVE-2025-34153 Hyland OnBase < 17.0.2.87 .NET Remoting TCP Channel Unauthenticated RCE — OnBaseCWE-502 9.8AICriticalAI2025-08-13
CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability — NGINX PlusCWE-125 3.7 Low2025-08-13
CVE-2025-52585 BIG-IP Client SSL profile vulnerability — BIG-IPCWE-476 7.5 High2025-08-13
CVE-2025-8914 WellChoose|Organization Portal System - SQL Injection — Organization Portal SystemCWE-89 6.5 Medium2025-08-13
CVE-2025-8913 WellChoose|Organization Portal System - Local File Inclusion — Organization Portal SystemCWE-98 9.8 Critical2025-08-13
CVE-2025-8912 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal — Organization Portal SystemCWE-36 7.5 High2025-08-13
CVE-2025-8911 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-8910 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion — Database for Contact Form 7, WPforms, Elementor formsCWE-502 9.8 Critical2025-08-13
CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion — File Manager Pro – FilesterCWE-22 6.5 Medium2025-08-13
CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload — Easy restaurant menu managerCWE-352 4.3 Medium2025-08-13
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation — OceanWPCWE-352 4.3 Medium2025-08-13

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21327 条 CVE 漏洞。