access:pre-auth — 19065 tagged CVE vulnerabilities

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title — Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4272 | CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability — Barcode Scanners | CWE-306 | 8.1 | High | 2026-04-05 |
| CVE-2019-25675 | eDirectory All Versions SQL Injection Authentication Bypass — eDirectory | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25694 | Kados R10 GreenBee SQL Injection via user2reset — Kados R10 GreenBee | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25688 | Kados R10 GreenBee SQL Injection via menu_lev1 Parameter — Kados GreenBee | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25687 | Pegasus CMS 1.0 Remote Code Execution via extra_fields.php — Pegasus CMS | CWE-22 | 9.8 | Critical | 2026-04-05 |
| CVE-2019-25686 | Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service — Core FTP | CWE-306 | 7.5 | High | 2026-04-05 |
| CVE-2019-25684 | OpenDocMan 1.3.4 SQL Injection via where Parameter — OpenDocMan | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25680 | Advance Gift Shop Pro Script 2.0.3 SQL Injection via search — Advance Gift Shop Pro Script | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25678 | C4G BLIS 3.4 SQL Injection via users_select.php — Basic Laboratory Information System | CWE-306 | 8.2 | High | 2026-04-05 |
| CVE-2019-25676 | Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection — Ask Expert Script | CWE-79 | 8.2 | High | 2026-04-05 |
| CVE-2019-25674 | CMSsite 1.0 SQL Injection via post Parameter — CMSsite | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25672 | PilusCart 1.4.1 SQL Injection via send Parameter — PilusCart | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25668 | News Website Script 2.0.5 SQL Injection via index.php — News Website Script | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2019-25662 | ResourceSpace 8.6 SQL Injection via watched_searches.php — ResourceSpace | CWE-89 | 8.2 | High | 2026-04-05 |
| CVE-2026-5526 | Tenda 4G03 Pro httpd access control — 4G03 Pro | CWE-284 | 7.3 | High | 2026-04-04 |
| CVE-2018-25246 | Wikipedia 12.0 Denial of Service via Search — Wikipedia | CWE-306 | 7.5 | High | 2026-04-04 |
| CVE-2018-25244 | Eco Search 1.0.2.0 Denial of Service — Eco Search | CWE-1312 | 6.2 | Medium | 2026-04-04 |
| CVE-2018-25241 | VPN Browser+ 1.1.0.0 Denial of Service — VPN Browser+ | CWE-306 | 7.5 | High | 2026-04-04 |
| CVE-2016-20053 | Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint — Redaxo CMS | CWE-352 | 5.3 | Medium | 2026-04-04 |
| CVE-2016-20051 | Snews CMS 1.7 Cross-Site Request Forgery via changeup — Snews CMS Cross Site Request Forgery | CWE-352 | 5.3 | Medium | 2026-04-04 |
| CVE-2016-20052 | Snews CMS 1.7 Unrestricted File Upload via snews_files — Snews CMS upload sheller | CWE-434 | 9.8 | Critical | 2026-04-04 |
| CVE-2026-2936 | Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting — Visitor Traffic Real Time Statistics | CWE-79 | 7.2 | High | 2026-04-04 |
| CVE-2026-1233 | Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access — Text to Speech – TTSWP | CWE-798 | 7.5 | High | 2026-04-04 |
| CVE-2025-14938 | Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload — Listeo-Core - Directory Plugin by Purethemes | CWE-434 | 5.3 | Medium | 2026-04-04 |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | CWE-94 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-5425 | Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data — Widgets for Social Photo Feed | CWE-79 | 7.2 | High | 2026-04-04 |
| CVE-2026-3571 | Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification — Pie Register – User Registration, Profiles & Content Restriction | CWE-862 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-35616 | Fortinet FortiClientEms Security Vulnerability — FortiClientEMS | CWE-284 | 9.1 | Critical | 2026-04-04 |
| CVE-2017-20235 | ProSoft Technology ICX35-HWC Authentication Bypass — ICX35-HWC Cellular Gateway | CWE-287 | 8.8 | Critical | 2026-04-03 |
| CVE-2017-20234 | GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String — GarrettCom Magnum 6K and 10K Managed Switches | CWE-798 | 9.8 | Critical | 2026-04-03 |

19065 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.