Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21457

21457 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2023-43958 Hospital Management System 安全漏洞 — n/a 9.8 -2025-04-22
CVE-2025-28032 TOTOLINK多款产品 安全漏洞 — n/a 9.8 -2025-04-22
CVE-2025-28033 TOTOLINK多款产品 安全漏洞 — n/a 9.8 -2025-04-22
CVE-2025-28034 TOTOLINK多款产品 安全漏洞 — n/a 9.8 -2025-04-22
CVE-2025-28035 TOTOLINK A830R 安全漏洞 — n/a 8.1 -2025-04-22
CVE-2025-28036 TOTOLINK A950RG 安全漏洞 — n/a 8.1 -2025-04-22
CVE-2025-28037 TOTOLINK A950RG和TOTOLINK A810R 安全漏洞 — n/a 8.1 -2025-04-22
CVE-2025-28038 TOTOLINK EX1200T 安全漏洞 — n/a 8.1 -2025-04-22
CVE-2025-28039 TOTOLINK EX1200T 安全漏洞 — n/a 8.1 -2025-04-22
CVE-2025-43919 GNU Mailman 安全漏洞 — MailmanCWE-24 5.8 Medium2025-04-20
CVE-2025-43920 GNU Mailman 安全漏洞 — MailmanCWE-78 5.4 Medium2025-04-20
CVE-2025-43921 GNU Mailman 安全漏洞 — MailmanCWE-863 5.3 Medium2025-04-20
CVE-2021-4455 Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload — Wordpress Plugin Smart Product ReviewCWE-434 9.8 Critical2025-04-19
CVE-2025-3809 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting — Debug Log Manager – Conveniently Monitor and Inspect ErrorsCWE-79 7.2 High2025-04-19
CVE-2025-2111 WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update — Insert Headers And FootersCWE-352 7.5 High2025-04-19
CVE-2025-3103 CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read — CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget AddonCWE-73 7.5 High2025-04-19
CVE-2025-1093 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image — AI Hub - Startup & Technology WordPress ThemeCWE-434 9.8 Critical2025-04-19
CVE-2025-2010 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection — JobWP – Job Board, Job Listing, Career Page and Recruitment PluginCWE-89 7.5 High2025-04-19
CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation — UrbanGo MembershipCWE-269 9.8 Critical2025-04-19
CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion — User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress PluginCWE-352 4.3 Medium2025-04-19
CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs — rasa-pro-security-advisoriesCWE-306 6.5 Medium2025-04-18
CVE-2025-31120 NamelessMC Vulnerable to Cookie-Based View Count Manipulation — NamelessCWE-565 5.3 Medium2025-04-18
CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter — Coupon Affiliates – Affiliate Plugin for WooCommerceCWE-79 6.1 Medium2025-04-18
CVE-2025-42599 QUALITIA Active! mail 安全漏洞 — Active! mail 6CWE-121 9.8 -2025-04-18
CVE-2025-28232 JMBroadcast JMB0150 Firmware 安全漏洞 — n/a 9.8 -2025-04-18
CVE-2024-42178 HCL MyXalytics is affected by a failure to restrict URL access vulnerability — HCL MyXalyticsCWE-288 2.5 Low2025-04-17
CVE-2025-26478 Dell ECS 信任管理问题漏洞 — ECSCWE-295 3.1 Low2025-04-17
CVE-2025-3479 Forminator <= 1.42.0 - Order Replay Vulnerability — Forminator Forms – Contact Form, Payment Form & Custom Form BuilderCWE-354 5.3 Medium2025-04-17
CVE-2025-3453 Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure — Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial ContentCWE-863 5.3 Medium2025-04-17
CVE-2025-29931 Siemens TeleControl Server Basic 安全漏洞 — TeleControl Server BasicCWE-130 3.7 Low2025-04-17

Vulnerabilities classified as access:pre-auth represent 21457 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.