Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21352

21352 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-30716 Oracle E-Business Suite 安全漏洞 — Oracle Common Applications 7.5 High2025-04-15
CVE-2025-30707 Oracle E-Business Suite 安全漏洞 — Oracle iStore 7.5 High2025-04-15
CVE-2025-30708 Oracle E-Business Suite 安全漏洞 — Oracle User Management 7.5 High2025-04-15
CVE-2025-30709 Oracle JD Edwards Products 安全漏洞 — JD Edwards EnterpriseOne Tools 6.1 Medium2025-04-15
CVE-2025-30698 Oracle Java SE 安全漏洞 — Oracle Java SE 5.6 Medium2025-04-15
CVE-2025-30691 Oracle Java SE和Oracle GraalVM 安全漏洞 — Oracle Java SE 4.8 Medium2025-04-15
CVE-2025-21587 Oracle Java SE 安全漏洞 — Oracle Java SE 7.4 High2025-04-15
CVE-2025-21582 Oracle E-Business Suite 安全漏洞 — Oracle CRM Technical Foundation 6.1 Medium2025-04-15
CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31357 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31933 Growatt Cloud Applications Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing — jellyfinCWE-290 6.5AIMediumAI2025-04-15
CVE-2025-32993 Vision Helpdesk 安全漏洞 — Vision HelpdeskCWE-89 6.5 Medium2025-04-15
CVE-2025-28137 TOTOLINK A810R 安全漏洞 — n/a 8.1AIHighAI2025-04-15
CVE-2021-27289 ZigBee 安全漏洞 — n/a 8.1AIHighAI2025-04-15
CVE-2025-2572 WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability — WhatsUp GoldCWE-287 5.6 Medium2025-04-14
CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC — BASECCWE-89 9.8AICriticalAI2025-04-14
CVE-2025-2563 User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation — User Registration & Membership 9.8AICriticalAI2025-04-14
CVE-2025-3572 INTUMIT SmartRobot - Server-Side Request Forgery — SmartRobotCWE-918 7.5 High2025-04-14
CVE-2024-13338 Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache — Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, DeferCWE-352 5.3 Medium2025-04-12
CVE-2024-13337 Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy' — Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, DeferCWE-352 4.3 Medium2025-04-12
CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-639 5.3 Medium2025-04-12
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-639 4.3 Medium2025-04-12
CVE-2025-2871 WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update — QuadMenu – Mega MenuCWE-352 4.3 Medium2025-04-12
CVE-2025-2841 Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure — Cart66 Cloud :: WordPress Ecommerce The Easy WayCWE-200 5.3 Medium2025-04-12
CVE-2025-2881 Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure — Developer ToolbarCWE-200 5.3 Medium2025-04-12
CVE-2025-2269 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 6.1 Medium2025-04-11
CVE-2023-42973 Apple iOS和Apple iPadOS 安全漏洞 — iOS and iPadOS 4.6AIMediumAI2025-04-11
CVE-2025-3421 Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form BuilderCWE-79 6.1 Medium2025-04-11
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form BuilderCWE-502 9.8 Critical2025-04-11

Vulnerabilities classified as access:pre-auth represent 21352 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.