目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21354

access:pre-auth 类型相关 21354 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-3809 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting — Debug Log Manager – Conveniently Monitor and Inspect ErrorsCWE-79 7.2 High2025-04-19
CVE-2025-2111 WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update — Insert Headers And FootersCWE-352 7.5 High2025-04-19
CVE-2025-3103 CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read — CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget AddonCWE-73 7.5 High2025-04-19
CVE-2025-1093 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image — AI Hub - Startup & Technology WordPress ThemeCWE-434 9.8 Critical2025-04-19
CVE-2025-2010 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection — JobWP – Job Board, Job Listing, Career Page and Recruitment PluginCWE-89 7.5 High2025-04-19
CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation — UrbanGo MembershipCWE-269 9.8 Critical2025-04-19
CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion — User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress PluginCWE-352 4.3 Medium2025-04-19
CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs — rasa-pro-security-advisoriesCWE-306 6.5 Medium2025-04-18
CVE-2025-31120 NamelessMC Vulnerable to Cookie-Based View Count Manipulation — NamelessCWE-565 5.3 Medium2025-04-18
CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter — Coupon Affiliates – Affiliate Plugin for WooCommerceCWE-79 6.1 Medium2025-04-18
CVE-2025-42599 QUALITIA Active! mail 安全漏洞 — Active! mail 6CWE-121 9.8 -2025-04-18
CVE-2025-28232 JMBroadcast JMB0150 Firmware 安全漏洞 — n/a 9.8 -2025-04-18
CVE-2024-42178 HCL MyXalytics is affected by a failure to restrict URL access vulnerability — HCL MyXalyticsCWE-288 2.5 Low2025-04-17
CVE-2025-26478 Dell ECS 信任管理问题漏洞 — ECSCWE-295 3.1 Low2025-04-17
CVE-2025-3479 Forminator <= 1.42.0 - Order Replay Vulnerability — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-354 5.3 Medium2025-04-17
CVE-2025-3453 Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure — Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial ContentCWE-863 5.3 Medium2025-04-17
CVE-2025-29931 Siemens TeleControl Server Basic 安全漏洞 — TeleControl Server BasicCWE-130 3.7 Low2025-04-17
CVE-2024-13925 Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging — Klarna Checkout for WooCommerce 7.5AIHighAI2025-04-17
CVE-2025-29662 LandChat 安全漏洞 — n/a 9.8AICriticalAI2025-04-17
CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE — otpCWE-306 10.0 Critical2025-04-16
CVE-2025-27540 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-27539 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-27495 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-20236 Cisco Webex App Client-Side Remote Code Execution Vulnerability — Cisco Webex TeamsCWE-829 8.8 High2025-04-16
CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability — Cisco Nexus DashboardCWE-209 5.3 Medium2025-04-16
CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function — WP STAGING Pro WordPress Backup PluginCWE-200 5.3 Medium2025-04-16
CVE-2025-3247 Contact Form 7 <= 6.0.5 - Order Replay Vulnerability — Contact Form 7CWE-354 5.3 Medium2025-04-16
CVE-2024-13452 Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action — Contact Form by SupsysticCWE-79 6.1 Medium2025-04-16
CVE-2024-53304 LRQA Nettitude PoshC2 安全漏洞 — n/a 9.8AICriticalAI2025-04-16
CVE-2024-55372 Wallos 安全漏洞 — n/a 9.8AICriticalAI2025-04-16

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21354 条 CVE 漏洞。