目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21354

access:pre-auth 类型相关 21354 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-30016 Authentication Bypass Vulnerability in SAP Financial Consolidation — SAP Financial ConsolidationCWE-921 9.8 Critical2025-04-08
CVE-2025-27435 Information Disclosure Vulnerability in SAP Commerce Cloud — SAP Commerce CloudCWE-862 4.2 Medium2025-04-08
CVE-2025-26657 Information Disclosure vulnerability in SAP KMC WPC — SAP KMC WPCCWE-862 5.3 Medium2025-04-08
CVE-2025-3428 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' — 3DPrint LiteCWE-89 4.9 Medium2025-04-08
CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' — 3DPrint LiteCWE-89 4.9 Medium2025-04-08
CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text' — 3DPrint LiteCWE-89 4.9 Medium2025-04-08
CVE-2025-3427 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text' — 3DPrint LiteCWE-89 4.9 Medium2025-04-08
CVE-2025-0361 AXIS OS 安全漏洞 — AXIS OSCWE-203 4.3 Medium2025-04-08
CVE-2025-2004 Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion — Simple WP EventsCWE-73 9.1 Critical2025-04-08
CVE-2024-13820 Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash — Melhor EnvioCWE-200 5.3 Medium2025-04-08
CVE-2025-3363 HGiga iSherlock - OS Command Injection — iSherlock 4.5CWE-78 9.8 Critical2025-04-08
CVE-2025-3362 HGiga iSherlock - OS Command Injection — iSherlock 4.5CWE-78 9.8 Critical2025-04-08
CVE-2025-3361 HGiga iSherlock - OS Command Injection — iSherlock 4.5CWE-78 9.8 Critical2025-04-08
CVE-2025-2526 Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover — StreamitCWE-639 8.8 High2025-04-08
CVE-2025-0942 Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection — JPlatformCWE-89 8.6 High2025-04-07
CVE-2025-3248 Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code — langflowCWE-306 9.8 Critical2025-04-07
CVE-2025-31492 mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data — mod_auth_openidcCWE-200 7.5AIHighAI2025-04-06
CVE-2025-32370 Kentico Xperience 安全漏洞 — XperienceCWE-912 7.2 High2025-04-06
CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move — Drag and Drop Multiple File Upload for WooCommerceCWE-22 9.8 Critical2025-04-05
CVE-2025-2789 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 5.3 Medium2025-04-05
CVE-2024-13604 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory — KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base PluginCWE-200 7.5 High2025-04-05
CVE-2025-0810 Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion — Read More & AccordionCWE-352 7.5 High2025-04-05
CVE-2021-47667 ZendTo 安全漏洞 — ZendToCWE-78 10.0 Critical2025-04-05
CVE-2025-27520 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization — BentoMLCWE-502 9.8 Critical2025-04-04
CVE-2025-2798 Woffice <= 5.4.21 - Authentication Bypass via Registration Role — Woffice CRMCWE-269 9.8 Critical2025-04-04
CVE-2025-2797 Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval — Woffice CoreCWE-352 5.4 Medium2025-04-04
CVE-2024-13708 Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerceCWE-434 7.2 High2025-04-04
CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion — Countdown, Coming Soon, Maintenance – Countdown & ClockCWE-22 8.1 High2025-04-04
CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation — tagDiv ComposerCWE-94 9.8 Critical2025-04-04
CVE-2025-2317 Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter — Product Filter for WooCommerce by WBWCWE-89 7.5 High2025-04-04

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21354 条 CVE 漏洞。