Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21272

21272 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-34040 Seeyon Zhiyuan OA System Path Traversal File Upload — Zhiyuan OA Web Application SystemCWE-434 9.8AICriticalAI2025-06-24
CVE-2025-34039 Yonyou NC BeanShell Command Injection — UFIDA NCCWE-306 9.8AICriticalAI2025-06-24
CVE-2025-34038 Weaver E-cology SQL Injection — E-cologyCWE-89 9.1AICriticalAI2025-06-24
CVE-2025-34037 Linksys Routers E/WAG/WAP/WES/WET/WRT-Series — E4200CWE-78 9.8AICriticalAI2025-06-24
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection — CCTV-DVRCWE-78 9.8AICriticalAI2025-06-24
CVE-2025-34035 EnGenius EnShare IoT Gigabit Cloud Service Command Injection — EnShare IoT Gigabit Cloud ServiceCWE-78 9.8AICriticalAI2025-06-24
CVE-2025-34034 5VTechnologies Blue Angel Software Suite Hardcoded Credentials — Blue Angel Software SuiteCWE-798 9.8AICriticalAI2025-06-24
CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal — Jmol PluginCWE-22 7.5AIHighAI2025-06-24
CVE-2025-32977 Quest KACE Systems Management Appliance 安全漏洞 — n/a 7.5AIHighAI2025-06-24
CVE-2025-32978 Quest KACE Systems Management Appliance 访问控制错误漏洞 — n/a 9.1 -2025-06-24
CVE-2025-53021 Moodle 授权问题漏洞 — MoodleCWE-384 4.2 Medium2025-06-24
CVE-2025-27827 Mitel MiContact Center Business 安全漏洞 — n/a 7.1AIHighAI2025-06-24
CVE-2025-27828 Mitel MiContact Center Business 安全漏洞 — n/a 6.1AIMediumAI2025-06-24
CVE-2025-52562 Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution — panelCWE-22 10.0 Critical2025-06-23
CVE-2025-48026 Mitel OpenScape Xpressions 安全漏洞 — n/a 7.5AIHighAI2025-06-23
CVE-2025-34030 sar2html OS Command Injection — sar2htmlCWE-78 9.8AICriticalAI2025-06-20
CVE-2025-34022 Selea Targa IP OCR-ANPR Camera Path Traversal — Targa IP OCR-ANPR CameraCWE-22 7.5AIHighAI2025-06-20
CVE-2025-34021 Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery — Targa IP OCR-ANPR CameraCWE-918 9.1AICriticalAI2025-06-20
CVE-2025-25038 MiniDVBLinux Root Command Injection — MiniDVBLinuxCWE-78 9.8AICriticalAI2025-06-20
CVE-2025-25037 Aquatronica Controller System Complete Information Disclosure — Aquatronica Controller SystemCWE-200 9.8AICriticalAI2025-06-20
CVE-2025-25034 SugarCRM PHP Deserialization RCE — SugarCRMCWE-502 9.8AICriticalAI2025-06-20
CVE-2024-53298 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFSCWE-862 9.8 Critical2025-06-20
CVE-2025-44203 Hoteldruid 安全漏洞 — n/a 9.1AICriticalAI2025-06-20
CVE-2025-50201 WeGIA OS Command Injection in debug_info.php parameter 'branch' — WeGIACWE-78 9.8 Critical2025-06-19
CVE-2025-20260 ClamAV PDF Scanning Buffer Overflow Vulnerability — ClamAVCWE-122 9.8 Critical2025-06-18
CVE-2025-20271 Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability — Cisco Meraki MX FirmwareCWE-457 8.6 High2025-06-18
CVE-2025-20234 ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability — Cisco Secure EndpointCWE-125 5.3 Medium2025-06-18
CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges — quicheCWE-770 7.5 High2025-06-18
CVE-2025-4820 Incorrect congestion window growth by optimistic ACK — quicheCWE-770 5.3 Medium2025-06-18
CVE-2025-1562 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation — FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerceCWE-862 9.8 Critical2025-06-18

Vulnerabilities classified as access:pre-auth represent 21272 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.