Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21359

21359 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-20286 ISE on AWS Static Credential — Cisco Identity Services Engine SoftwareCWE-259 9.9 Critical2025-06-04
CVE-2025-20275 Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability — Cisco Unified Contact Center ExpressCWE-502 5.3 Medium2025-06-04
CVE-2025-20273 Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability — Cisco Unified Intelligent Contact Management EnterpriseCWE-79 6.1 Medium2025-06-04
CVE-2025-20163 Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability — Cisco Data Center Network ManagerCWE-322 8.7 High2025-06-04
CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability — Cisco SocialMinerCWE-200 4.3 Medium2025-06-04
CVE-2018-25112 PHOENIX CONTACT: ILC 1x1 ETH Denial of Service — ILC 131CWE-770 7.5 High2025-06-04
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi — File Provider 9.8AICriticalAI2025-06-04
CVE-2025-48710 kro(Kube Resource Orchestrator) 安全漏洞 — kroCWE-441 4.1 Medium2025-06-04
CVE-2025-24015 Deno's AES GCM authentication tags are not verified — denoCWE-347 9.8AICriticalAI2025-06-03
CVE-2025-25022 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure — QRadar Suite SoftwareCWE-260 9.6 Critical2025-06-03
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function — Shared Files – Frontend File Upload Form & Secure File SharingCWE-79 7.2 High2025-06-03
CVE-2025-41428 Keiyo System TimeWorks 路径遍历漏洞 — TimeWorksCWE-22 5.3AIMediumAI2025-06-03
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS — FancyBox for WordPress 6.1AIMediumAI2025-06-03
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover — Golo - City Travel Guide WordPress ThemeCWE-288 9.8 Critical2025-06-03
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution — Ninja Tables – Easy Data Table BuilderCWE-502 5.6 Medium2025-06-03
CVE-2025-32105 Sangoma IMG2020 HTTP server 安全漏洞 — n/a 9.8AICriticalAI2025-06-03
CVE-2025-32106 AudioCodes Audiocodes Mediapack MP-11x 安全漏洞 — n/a 9.8AICriticalAI2025-06-03
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint — issuesCWE-201 5.3 Medium2025-06-02
CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services — WSO2 Identity Server as Key ManagerCWE-918 6.5 Medium2025-06-02
CVE-2025-48958 Froxlor has an HTML Injection Vulnerability — FroxlorCWE-79 5.5 Medium2025-06-02
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure — eaSYNC Booking – Hotels, Restaurants & Car RentalsCWE-639 5.3 Medium2025-05-31
CVE-2025-4631 Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint — The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales AnalysisCWE-285 9.8 Critical2025-05-31
CVE-2025-4607 PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function — PSW Front-end Login & RegistrationCWE-330 9.8 Critical2025-05-31
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights — Relevanssi PremiumCWE-79 4.7 Medium2025-05-31
CVE-2025-5142 Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters — Simple Page Access RestrictionCWE-352 6.5 Medium2025-05-30
CVE-2025-4633 Default Credentials — AirpointerCWE-798 6.5 Medium2025-05-30
CVE-2025-47697 Uchida Yoko wivia 安全漏洞 — wivia 5CWE-602 9.8AICriticalAI2025-05-30
CVE-2025-48889 Gradio Allows Unauthorized File Copy via Path Manipulation — gradioCWE-434 5.3 Medium2025-05-30
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure — Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja FormsCWE-200 5.3 Medium2025-05-30
CVE-2025-44619 Tinxy WiFi Lock Controller v1 RF 安全漏洞 — n/a 8.1AIHighAI2025-05-30

Vulnerabilities classified as access:pre-auth represent 21359 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.