Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21280

21280 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-5938 Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import — Digital Marketing and Agency Templates Addons for ElementorCWE-352 5.3 Medium2025-06-13
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update — WP2HTMLCWE-352 4.3 Medium2025-06-13
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Link ShieldCWE-352 6.1 Medium2025-06-13
CVE-2025-5288 REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function — REST API | Custom API Generator For Cross Platform And Import Export In WPCWE-862 9.8 Critical2025-06-13
CVE-2025-6003 WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure — WordPress Single Sign-On (SSO) - Single Site StandardCWE-863 5.3 Medium2025-06-12
CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' — WorkreapCWE-288 9.8 Critical2025-06-12
CVE-2025-46035 Tenda AC6 安全漏洞 — n/a 7.5AIHighAI2025-06-12
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' — Xagio SEO – AI Powered SEOCWE-79 7.2 High2025-06-11
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection — IE-SR-2TX-WLCWE-78 9.8 Critical2025-06-11
CVE-2025-41661 Weidmueller: Security routers IE-SR-2TX are affected by CSRF — IE-SR-2TX-WLCWE-352 8.8 High2025-06-11
CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key — ArchiverCWE-798 8.1 High2025-06-10
CVE-2025-2474 Vulnerability in PCX Image Codec Impacts QNX Software Development Platform — QNX Software Development Platform (SDP)CWE-787 9.8 Critical2025-06-10
CVE-2025-36574 Dell Wyse Management Suite WMS 安全漏洞 — Wyse Management SuiteCWE-36 8.2 High2025-06-10
CVE-2025-36575 Dell Wyse Management Suite WMS 安全漏洞 — Wyse Management SuiteCWE-202 7.5 High2025-06-10
CVE-2024-50568 Fortinet FortiOS 安全漏洞 — FortiOSCWE-300 5.6 Medium2025-06-10
CVE-2024-32119 Fortinet FortiClientEMS 安全漏洞 — FortiClientEMSCWE-1390 4.6 Medium2025-06-10
CVE-2025-22251 Fortinet FortiOS 安全漏洞 — FortiOSCWE-923 3.0 Low2025-06-10
CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request — OctoPrintCWE-140 6.5 Medium2025-06-10
CVE-2025-41657 AUMA: Incorrect delivery status of the Bluetooth configuration — AC1.2CWE-207 4.3 Medium2025-06-10
CVE-2025-4840 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection — inprosysmedia-likes-dislikes-post 9.8AICriticalAI2025-06-10
CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update — Bunny’s Print CSSCWE-352 4.3 Medium2025-06-10
CVE-2025-42988 Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform — SAP Business Objects Business Intelligence PlatformCWE-918 3.7 Low2025-06-10
CVE-2025-31325 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation) — SAP NetWeaver (ABAP Keyword Documentation)CWE-79 5.8 Medium2025-06-10
CVE-2025-23192 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace) — SAP BusinessObjects Business Intelligence (BI Workspace)CWE-79 8.2 High2025-06-10
CVE-2024-57186 erxes 安全漏洞 — n/a 7.5AIHighAI2025-06-10
CVE-2025-30507 CyberData 011209 SIP Emergency Intercom SQL Injection — 011209 SIP Emergency IntercomCWE-89 5.3 Medium2025-06-09
CVE-2025-26468 CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function — 011209 SIP Emergency IntercomCWE-306 7.5 High2025-06-09
CVE-2025-30184 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel — 011209 SIP Emergency IntercomCWE-288 9.8 Critical2025-06-09
CVE-2025-5893 Honding Technology Smart Parking Management System - Exposure of Sensitive Information — Smart Parking Management SystemCWE-497 9.8 Critical2025-06-09
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication — Quantenna Wi-Fi chipsetCWE-306 9.1 Critical2025-06-08

Vulnerabilities classified as access:pre-auth represent 21280 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.