Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21279

21279 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-48827 Internet Brands vBulletin 安全漏洞 — vBulletinCWE-424 10.0 Critical2025-05-27
CVE-2025-40664 Missing authentication vulnerability in TCMAN GIM v11 — GIMCWE-306 9.8AICriticalAI2025-05-26
CVE-2025-41655 PEPPERL+FUCHS: Attacker can cause a DoS via URL — Profinet Gateway FB8122A.1.ELCWE-306 7.5 High2025-05-26
CVE-2025-41654 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by information disclosure via the SNMP protocol — Profinet Gateway FB8122A.1.ELCWE-306 8.2 High2025-05-26
CVE-2025-1985 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability — Profinet Gateway FB8122A.1.ELCWE-79 6.1 Medium2025-05-26
CVE-2025-41441 SYNCK GRAPHICA Mailform Pro CGI 安全漏洞 — Mailform Pro CGICWE-209 5.3AIMediumAI2025-05-26
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter — Page Builder: Pagelayer – Drag and Drop website builderCWE-79 4.7 Medium2025-05-24
CVE-2025-5058 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() — eMagicOne Store Manager for WooCommerceCWE-434 9.8 Critical2025-05-24
CVE-2025-4336 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() — eMagicOne Store Manager for WooCommerceCWE-434 8.1 High2025-05-24
CVE-2025-4603 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion — eMagicOne Store Manager for WooCommerceCWE-73 9.1 Critical2025-05-24
CVE-2025-4602 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read — eMagicOne Store Manager for WooCommerceCWE-73 5.9 Medium2025-05-24
CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — 4statsCWE-79 6.1 Medium2025-05-24
CVE-2022-31812 Siemens SiPass Integrated 缓冲区错误漏洞 — SiPass integratedCWE-125 7.5 High2025-05-23
CVE-2025-1123 Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email — Solid Mail – SMTP email and logging made by SolidWPCWE-79 7.2 High2025-05-23
CVE-2025-3895 Low token entropy in MegaBIP — MegaBIPCWE-334 7.4AIHighAI2025-05-23
CVE-2025-48738 StrangeBee TheHive 安全漏洞 — TheHiveCWE-770 8.2AIHighAI2025-05-23
CVE-2025-5024 Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus — Red Hat Enterprise Linux 10CWE-400 7.4 High2025-05-22
CVE-2025-5062 WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting — WooCommerceCWE-79 6.1 Medium2025-05-22
CVE-2025-32813 Infoblox NETMRI 安全漏洞 — n/a 9.8AICriticalAI2025-05-22
CVE-2025-32814 Infoblox NETMRI 安全漏洞 — n/a 9.8AICriticalAI2025-05-22
CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution — ConcertoCWE-367 8.1AIHighAI2025-05-21
CVE-2025-20250 Cisco Webex 跨站脚本漏洞 — Cisco Webex MeetingsCWE-79 6.1 Medium2025-05-21
CVE-2025-20247 Cisco Webex 跨站脚本漏洞 — Cisco Webex MeetingsCWE-79 6.1 Medium2025-05-21
CVE-2025-20246 Cisco Webex 跨站脚本漏洞 — Cisco Webex MeetingsCWE-79 6.1 Medium2025-05-21
CVE-2025-20258 Cisco Duo 命令注入漏洞 — Cisco DuoCWE-77 5.4 Medium2025-05-21
CVE-2025-20255 Cisco Webex Meetings 安全漏洞 — Cisco Webex MeetingsCWE-349 4.3 Medium2025-05-21
CVE-2025-20242 Cisco Unified Contact Center Enterprise 访问控制错误漏洞 — Cisco Unified Contact Center EnterpriseCWE-284 6.5 Medium2025-05-21
CVE-2025-20152 ISE restart — Cisco Identity Services Engine SoftwareCWE-125 8.6 High2025-05-21
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge — MeteoBridgeCWE-77 9.8AICriticalAI2025-05-21
CVE-2024-12561 Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect — Affiliate Sales in Google Analytics and other toolsCWE-601 6.1 Medium2025-05-21

Vulnerabilities classified as access:pre-auth represent 21279 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.