Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21333

21333 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-32441 Rack session gets restored after deletion — rackCWE-362 4.2 Medium2025-05-07
CVE-2025-35939 Craft CMS stores user-provided content in session files — CMSCWE-472 5.3 Medium2025-05-07
CVE-2025-20195 Cisco IOS XE 跨站请求伪造漏洞 — Cisco IOS XE SoftwareCWE-352 4.3 Medium2025-05-07
CVE-2025-20221 Cisco IOS XE SD-WAN Software 信息泄露漏洞 — Cisco IOS XE SoftwareCWE-200 5.3 Medium2025-05-07
CVE-2025-20162 Cisco IOS XE 资源管理错误漏洞 — Cisco IOS XE SoftwareCWE-400 8.6 High2025-05-07
CVE-2025-20196 Cisco IOS和Cisco IOS XE 安全漏洞 — IOSCWE-307 5.3 Medium2025-05-07
CVE-2025-20140 Cisco IOS XE 安全漏洞 — Cisco IOS XE SoftwareCWE-789 7.4 High2025-05-07
CVE-2025-20189 Cisco IOS XE 安全漏洞 — Cisco IOS XE SoftwareCWE-762 7.4 High2025-05-07
CVE-2025-20181 Cisco IOS 数据伪造问题漏洞 — IOSCWE-347 6.8AIMediumAI2025-05-07
CVE-2025-20202 Cisco IOS XE Wireless Controller Software 安全漏洞 — Cisco IOS XE SoftwareCWE-805 7.4 High2025-05-07
CVE-2025-46828 Unauthenticated SQL Injection on get_socios.php endpoint — WeGIACWE-89 9.8AICriticalAI2025-05-07
CVE-2025-20188 Cisco IOS XE 信任管理问题漏洞 — Cisco IOS XE SoftwareCWE-798 10.0 Critical2025-05-07
CVE-2025-20137 Cisco IOS 访问控制错误漏洞 — IOSCWE-284 4.7 Medium2025-05-07
CVE-2025-20216 Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability — Cisco Catalyst SD-WAN ManagerCWE-74 4.7 Medium2025-05-07
CVE-2025-20154 Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-20 8.6 High2025-05-07
CVE-2025-20191 Multiple Cisco Products Denial of Service Vulnerability — Cisco NX-OS SoftwareCWE-805 7.4 High2025-05-07
CVE-2025-20182 Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software and IOS XE Software IKEv2 Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) SoftwareCWE-787 8.6 High2025-05-07
CVE-2025-20157 Cisco Catalyst vManage Certificate Validation Vulnerability — Cisco Catalyst SD-WAN ManagerCWE-295 5.9 Medium2025-05-07
CVE-2025-20210 Cisco Catalyst Center Unprotected API Endpoint — Cisco Digital Network Architecture Center (DNA Center)CWE-306 7.3 High2025-05-07
CVE-2025-2777 SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection — SysAid On-PremCWE-611 9.3 Critical2025-05-07
CVE-2025-2776 SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection — SysAid On-PremCWE-611 9.3 Critical2025-05-07
CVE-2025-2775 SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection — SysAid On-PremCWE-611 9.3 Critical2025-05-07
CVE-2025-4104 Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function — Frontend DashboardCWE-285 9.8 Critical2025-05-07
CVE-2025-4054 Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights — Relevanssi PremiumCWE-79 6.1 Medium2025-05-07
CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function — PeproDev Ultimate Profile SolutionsCWE-285 8.2 High2025-05-07
CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration — PeproDev Ultimate Profile SolutionsCWE-285 5.3 Medium2025-05-07
CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover — PeproDev Ultimate Profile SolutionsCWE-288 9.8 Critical2025-05-07
CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification — Search ExcludeCWE-862 5.3 Medium2025-05-07
CVE-2025-29448 Easy!Appointments 安全漏洞 — n/a 7.5AIHighAI2025-05-07
CVE-2025-47423 Personal Weather Station Dashboard 安全漏洞 — Personal Weather Station DashboardCWE-24 5.8 Medium2025-05-07

Vulnerabilities classified as access:pre-auth represent 21333 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.