Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21333

21333 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-30476 Dell PowerScale InsightIQ 资源管理错误漏洞 — PowerScale InsightIQCWE-400 5.3 Medium2025-05-15
CVE-2025-30475 Dell PowerScale InsightIQ 安全漏洞 — PowerScale InsightIQCWE-269 8.1 High2025-05-15
CVE-2025-4762 Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer — eSignaCWE-20 7.5AIHighAI2025-05-15
CVE-2025-4564 TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion — TicketBAI Facturas para WooCommerceCWE-22 9.8 Critical2025-05-15
CVE-2025-32738 I-O Data HDL-T 访问控制错误漏洞 — HDL-TC1CWE-306 5.3 Medium2025-05-15
CVE-2025-32002 I-O Data HDL-T 操作系统命令注入漏洞 — HDL-TC1CWE-78 9.8 Critical2025-05-15
CVE-2025-3917 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload — SEO合集(支持百度/Google/Bing/头条推送)CWE-434 9.8 Critical2025-05-15
CVE-2025-4579 WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields — WP Content Security PluginCWE-79 7.2 High2025-05-15
CVE-2025-47889 Jenkins plugin WSO2 Oauth 安全漏洞 — Jenkins WSO2 Oauth Plugin 9.8AICriticalAI2025-05-14
CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services — Cortex XDR Broker VMCWE-306 5.3AIMediumAI2025-05-14
CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets — Cloud NGFWCWE-754 7.5AIHighAI2025-05-14
CVE-2025-40595 SonicWALL SMA1000 安全漏洞 — SMA1000CWE-918 9.1AICriticalAI2025-05-14
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover — ralllyCWE-331 9.8 Critical2025-05-14
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-639 5.3 Medium2025-05-14
CVE-2025-47292 Cap Collectif vulnerable to insecure deserialization leading to remote code execution — cap-collectifCWE-502 9.8AICriticalAI2025-05-14
CVE-2025-2875 Schneider Electric多款产品 安全漏洞 — Modicon Controllers M241 / M251CWE-610 7.5 High2025-05-14
CVE-2024-8988 PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download — PeepSo Core: File UploadsCWE-639 5.3 Medium2025-05-14
CVE-2025-3623 Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder PluginCWE-502 9.1 Critical2025-05-14
CVE-2025-22892 Intel OpenVINO model server 资源管理错误漏洞 — OpenVINO™ model server software maintained by Intel(R) 6.5 Medium2025-05-13
CVE-2025-22844 Intel Tiber Edge Platform Edge Orchestrator 访问控制错误漏洞 — Edge Orchestrator software for Intel(R) Tiber™ Edge Platform 4.3 Medium2025-05-13
CVE-2025-20076 Intel Tiber Edge Platform Edge Orchestrator 访问控制错误漏洞 — Edge Orchestrator software for Intel(R) Tiber™ Edge Platform 5.0 Medium2025-05-13
CVE-2025-20062 Intel PROSet/Wireless WiFi 资源管理错误漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 6.1 Medium2025-05-13
CVE-2025-20047 Intel Core Ultra Processors 安全漏洞 — Intel(R) Core™ Ultra Processors 5.7 Medium2025-05-13
CVE-2025-20046 Intel PROSet/Wireless Software 资源管理错误漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 8.0 High2025-05-13
CVE-2025-20039 Intel PROSet/Wireless WiFi 竞争条件问题漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 6.6 Medium2025-05-13
CVE-2025-20026 Intel PROSet/Wireless Software 缓冲区错误漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 6.1 Medium2025-05-13
CVE-2025-20012 Intel Core Ultra Processors 安全漏洞 — Intel(R) Core™ Ultra Processors 4.9 Medium2025-05-13
CVE-2025-20006 Intel PROSet/Wireless WiFi 资源管理错误漏洞 — Intel(R) PROSet/Wireless WiFi Software for Windows 7.4 High2025-05-13
CVE-2025-4660 Remote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe Access — SecureConnectorCWE-276 9.8AICriticalAI2025-05-13
CVE-2025-22462 Ivanti Neurons for ITSM 安全漏洞 — Neurons for ITSM (on-prem)CWE-288 9.8 Critical2025-05-13

Vulnerabilities classified as access:pre-auth represent 21333 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.