Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21270

21270 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-7916 Simopro Technology|WinMatrix3 - Insecure Deserialization — WinMatrix3CWE-502 9.8 Critical2025-07-21
CVE-2025-36846 Eveo URVE Web Manager 安全漏洞 — n/a 9.8 -2025-07-21
CVE-2025-46120 CommScope Ruckus Unleashed和CommScope Ruckus ZoneDirector 安全漏洞 — n/a 9.8 -2025-07-21
CVE-2025-46121 CommScope Ruckus Unleashed 安全漏洞 — n/a 7.4 -2025-07-21
CVE-2025-52362 phproxy 安全漏洞 — n/a 9.1 -2025-07-21
CVE-2020-26799 LuxSoft Luxcal 安全漏洞 — n/a 6.1 -2025-07-21
CVE-2025-7858 PHPGurukul Apartment Visitors Management System HTTP POST Request admin-profile.php cross site scripting — Apartment Visitors Management SystemCWE-79 3.5 Low2025-07-19
CVE-2015-10138 Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload — Work The Flow File UploadCWE-434 9.8 Critical2025-07-19
CVE-2012-10019 Front-end Editor < 2.3 - Arbitrary File Upload — Front-end EditorCWE-434 9.8 Critical2025-07-19
CVE-2015-10135 WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload — WPshop 2 – E-CommerceCWE-434 9.8 Critical2025-07-19
CVE-2015-10136 GI-Media Library < 3.0 - Directory Traversal — GI-Media LibraryCWE-22 7.5 High2025-07-19
CVE-2016-15043 WP Mobile Detector <= 3.5 - Arbitrary File Upload — WP Mobile DetectorCWE-434 9.8 Critical2025-07-19
CVE-2025-6720 Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing — MORKVA Vchasno Kasa IntegrationCWE-862 5.3 Medium2025-07-19
CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation — MORKVA Vchasno Kasa IntegrationCWE-862 5.3 Medium2025-07-19
CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function — Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja FormsCWE-502 9.8 Critical2025-07-19
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function — Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja FormsCWE-502 9.8 Critical2025-07-19
CVE-2025-7669 Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Avishi WP PayPal Payment ButtonCWE-352 6.1 Medium2025-07-19
CVE-2025-50057 Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla — RSFiles! component for JoomlaCWE-400 7.5 -2025-07-18
CVE-2025-7444 LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider — LoginPress ProCWE-288 9.8 Critical2025-07-18
CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion — Listly: Listicles For WordPressCWE-862 5.3 Medium2025-07-18
CVE-2025-7643 Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion — Attachment ManagerCWE-22 9.1 Critical2025-07-18
CVE-2025-6222 WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload — WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User WalletCWE-434 9.8 Critical2025-07-18
CVE-2025-6053 Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Zuppler Online OrderingCWE-352 6.1 Medium2025-07-18
CVE-2025-6781 Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update — Copymatic – AI Content Writer & GeneratorCWE-352 4.3 Medium2025-07-18
CVE-2025-52168 Agorum core open 安全漏洞 — n/a 7.5 -2025-07-18
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration — livewireCWE-94 9.8AICriticalAI2025-07-17
CVE-2025-25257 Fortinet FortiWeb SQL注入漏洞 — FortiWebCWE-89 9.6 Critical2025-07-17
CVE-2025-7735 UNIMAX|Hospital Information System - SQL Injection — Hospital Information SystemCWE-89 7.5 High2025-07-17
CVE-2025-7712 Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion — Madara - CoreCWE-22 9.1 Critical2025-07-17
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution — Bears BackupCWE-94 9.8 Critical2025-07-17

Vulnerabilities classified as access:pre-auth represent 21270 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.