Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21272

21272 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-4334 Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation — Simple User RegistrationCWE-269 9.8 Critical2025-06-26
CVE-2025-30131 IROAD Dashcam FX2 安全漏洞 — n/a 9.8AICriticalAI2025-06-26
CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation — openbaoCWE-20 7.5AIHighAI2025-06-25
CVE-2025-49153 Path Traversal in MICROSENS NMP Web+ — NMP Web+CWE-22 9.8AICriticalAI2025-06-25
CVE-2025-49151 Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+ — NMP Web+CWE-547 9.1AICriticalAI2025-06-25
CVE-2025-20282 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability — Cisco Identity Services Engine SoftwareCWE-269 10.0 Critical2025-06-25
CVE-2025-5015 Parsons AccuWeather Widget Cross-site Scripting — Parsons Utility Enterprise Data ManagementCWE-79 8.8 High2025-06-25
CVE-2025-20281 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability — Cisco Identity Services Engine SoftwareCWE-74 10.0 Critical2025-06-25
CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload — ZoomSounds 9.8AICriticalAI2025-06-25
CVE-2025-5927 Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion — Everest Forms ProCWE-36 7.5 High2025-06-25
CVE-2024-51983 Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDNCWE-1286 7.5 High2025-06-25
CVE-2024-51982 Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh. — HL-L8260CDNCWE-1286 7.5 High2025-06-25
CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDNCWE-918 5.3 Medium2025-06-25
CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDNCWE-918 5.3 Medium2025-06-25
CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc. — DCP-J928N-W/BCWE-1391 9.8 Critical2025-06-25
CVE-2024-51977 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. — HL-L8260CDNCWE-538 5.3 Medium2025-06-25
CVE-2025-52571 Hikka vulnerable to RCE through edits in a channel — HikkaCWE-287 9.7 Critical2025-06-24
CVE-2025-49852 Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises — iDSecure On-premisesCWE-918 7.5 High2025-06-24
CVE-2025-2566 Deserialization of Untrusted Data in Kaleris Navis N4 — Navis N4CWE-502 9.8AICriticalAI2025-06-24
CVE-2025-39201 Hitachi MicroSCADA X SYS600 安全漏洞 — MicroSCADA X SYS600CWE-276 6.1 Medium2025-06-24
CVE-2025-3092 MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24 — myREX24CWE-204 7.5 High2025-06-24
CVE-2025-3090 MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24 — mbCONNECT24CWE-306 8.2 High2025-06-24
CVE-2025-48890 Elecom WRH-733GBK和Elecom WRH-733GWH 操作系统命令注入漏洞 — WRH-733GBKCWE-78 9.8AICriticalAI2025-06-24
CVE-2025-43879 Elecom WRH-733GBK和Elecom WRH-733GWH 操作系统命令注入漏洞 — WRH-733GBKCWE-78 9.8AICriticalAI2025-06-24
CVE-2025-48469 Unauthenticated Firmware Upload — Advantech Wireless Sensing and Equipment (WISE) 9.6 Critical2025-06-24
CVE-2025-48466 Modbus Command Injection without Authentication — Advantech Wireless Sensing and Equipment (WISE) 8.1 High2025-06-24
CVE-2025-48461 Weak Session Cookie Entropy — Advantech Wireless Sensing and Equipment (WISE) 5.0 Medium2025-06-24
CVE-2025-6560 Sapido Wireless Router - Exposure of Sensitive Information — BR071nCWE-256 9.8 Critical2025-06-24
CVE-2025-6559 Sapido Wireless Router - OS Command Injection — BR071nCWE-78 9.8 Critical2025-06-24
CVE-2025-34041 Sangfor Endpoint Detection and Response OS Command Injection — Endpoint Detection and Response PlatformCWE-78 9.8AICriticalAI2025-06-24

Vulnerabilities classified as access:pre-auth represent 21272 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.