Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21457

21457 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-13925 Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging — Klarna Checkout for WooCommerce 7.5AIHighAI2025-04-17
CVE-2025-29662 LandChat 安全漏洞 — n/a 9.8AICriticalAI2025-04-17
CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE — otpCWE-306 10.0 Critical2025-04-16
CVE-2025-27540 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-27539 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-27495 Siemens TeleControl Server Basic SQL注入漏洞 — TeleControl Server BasicCWE-89 9.8 Critical2025-04-16
CVE-2025-20236 Cisco Webex App Client-Side Remote Code Execution Vulnerability — Cisco Webex TeamsCWE-829 8.8 High2025-04-16
CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability — Cisco Nexus DashboardCWE-209 5.3 Medium2025-04-16
CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function — WP STAGING Pro WordPress Backup PluginCWE-200 5.3 Medium2025-04-16
CVE-2025-3247 Contact Form 7 <= 6.0.5 - Order Replay Vulnerability — Contact Form 7CWE-354 5.3 Medium2025-04-16
CVE-2024-13452 Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action — Contact Form by SupsysticCWE-79 6.1 Medium2025-04-16
CVE-2024-53304 LRQA Nettitude PoshC2 安全漏洞 — n/a 9.8AICriticalAI2025-04-16
CVE-2024-55372 Wallos 安全漏洞 — n/a 9.8AICriticalAI2025-04-16
CVE-2025-27929 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-24315 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-27561 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-30257 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31147 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31360 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 6.5 Medium2025-04-15
CVE-2025-30512 Growatt Cloud portal External Control of System or Configuration Setting — Cloud portalCWE-15 6.5 Medium2025-04-15
CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-25276 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-27565 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-27575 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31950 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-31945 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-26857 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-27719 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15
CVE-2025-27938 Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portalCWE-639 5.3 Medium2025-04-15

Vulnerabilities classified as access:pre-auth represent 21457 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.