Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21279

21279 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-5303 LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter — LTL Freight Quotes – Freightview EditionCWE-79 7.2 High2025-06-07
CVE-2025-5814 Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration — Profiler – What Slowing Down Your WPCWE-862 5.3 Medium2025-06-07
CVE-2025-49127 Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration — kafka-uiCWE-502 9.8AICriticalAI2025-06-06
CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification — corednsCWE-770 7.5 High2025-06-06
CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset — WP Email DebugCWE-862 9.8 Critical2025-06-06
CVE-2025-2935 Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions — Stop Spammers ClassicCWE-352 5.4 Medium2025-06-06
CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function — WP Online Users StatsCWE-352 6.1 Medium2025-06-06
CVE-2025-5019 Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function — Hive Support | AI-Powered Help Desk, Live Chat and ChatbotCWE-352 5.4 Medium2025-06-06
CVE-2025-5733 Modern Events Calendar <= 7.21.9 - Information Exposure — Modern Events Calendar LiteCWE-201 5.3 Medium2025-06-06
CVE-2025-5701 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update — HyperCommentsCWE-862 8.8 High2025-06-05
CVE-2025-20286 ISE on AWS Static Credential — Cisco Identity Services Engine SoftwareCWE-259 9.9 Critical2025-06-04
CVE-2025-20275 Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability — Cisco Unified Contact Center ExpressCWE-502 5.3 Medium2025-06-04
CVE-2025-20273 Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability — Cisco Unified Intelligent Contact Management EnterpriseCWE-79 6.1 Medium2025-06-04
CVE-2025-20163 Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability — Cisco Data Center Network ManagerCWE-322 8.7 High2025-06-04
CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability — Cisco SocialMinerCWE-200 4.3 Medium2025-06-04
CVE-2018-25112 PHOENIX CONTACT: ILC 1x1 ETH Denial of Service — ILC 131CWE-770 7.5 High2025-06-04
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi — File Provider 9.8AICriticalAI2025-06-04
CVE-2025-48710 kro(Kube Resource Orchestrator) 安全漏洞 — kroCWE-441 4.1 Medium2025-06-04
CVE-2025-24015 Deno's AES GCM authentication tags are not verified — denoCWE-347 9.8AICriticalAI2025-06-03
CVE-2025-25022 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure — QRadar Suite SoftwareCWE-260 9.6 Critical2025-06-03
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function — Shared Files – Frontend File Upload Form & Secure File SharingCWE-79 7.2 High2025-06-03
CVE-2025-41428 Keiyo System TimeWorks 路径遍历漏洞 — TimeWorksCWE-22 5.3AIMediumAI2025-06-03
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS — FancyBox for WordPress 6.1AIMediumAI2025-06-03
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover — Golo - City Travel Guide WordPress ThemeCWE-288 9.8 Critical2025-06-03
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution — Ninja Tables – Easy Data Table BuilderCWE-502 5.6 Medium2025-06-03
CVE-2025-32105 Sangoma IMG2020 HTTP server 安全漏洞 — n/a 9.8AICriticalAI2025-06-03
CVE-2025-32106 AudioCodes Audiocodes Mediapack MP-11x 安全漏洞 — n/a 9.8AICriticalAI2025-06-03
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint — issuesCWE-201 5.3 Medium2025-06-02
CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services — WSO2 Identity Server as Key ManagerCWE-918 6.5 Medium2025-06-02
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability — FroxlorCWE-79 5.5 Medium2025-06-02

Vulnerabilities classified as access:pre-auth represent 21279 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.