目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21363

access:pre-auth 类型相关 21363 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register' — WP RealEstateCWE-269 9.8 Critical2025-04-01
CVE-2024-13553 SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation — SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart RecoveryCWE-288 9.8 Critical2025-04-01
CVE-2025-27130 Welcart e-Commerce 代码问题漏洞 — Welcart e-CommerceCWE-502 9.8 -2025-04-01
CVE-2024-12278 Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ ToolsCWE-79 7.2 High2025-04-01
CVE-2024-13567 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory — Awesome Support – WordPress HelpDesk & Support PluginCWE-200 7.5 High2025-04-01
CVE-2025-31194 Apple macOS 安全漏洞 — macOS 9.8 -2025-03-31
CVE-2025-30428 Apple iOS和Apple iPadOS 安全漏洞 — iOS and iPadOS 5.3 -2025-03-31
CVE-2025-2794 Kentico Xperience <= 13.0.180 Unsafe Reflection — XperienceCWE-470 7.5 -2025-03-31
CVE-2025-2586 Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion CWE-400 7.5 High2025-03-31
CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub — KNIME Business HubCWE-259 9.8 -2025-03-31
CVE-2025-0613 Photo Gallery < 1.8.34 - Unauthenticated Stored XSS — Photo Gallery by 10Web 6.1 -2025-03-31
CVE-2025-24517 Inaba Denki Sangyo CHOCO TEI WATCHER mini 安全漏洞 — CHOCO TEI WATCHER mini (IB-MCT001)CWE-603 7.5 High2025-03-31
CVE-2025-3011 PiExtract SOOP-CLM - SQL Injection — SOOP-CLMCWE-89 9.8 Critical2025-03-31
CVE-2025-29266 Unraid 安全漏洞 — UnraidCWE-289 9.6 Critical2025-03-31
CVE-2024-13804 Hewlett Packard Enterprise Insight Cluster Management Utility 安全漏洞 — HPE Insight Cluster Management Utility (CMU) 8.8 -2025-03-30
CVE-2024-13557 Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution — Shortcodes by United ThemesCWE-94 6.5 Medium2025-03-29
CVE-2025-2006 Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload — Inline Image Upload for BBPressCWE-434 8.8 High2025-03-29
CVE-2025-2266 Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update — Checkout Mestres do WP for WooCommerceCWE-862 9.8 Critical2025-03-29
CVE-2025-2803 So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution — So-Called Air QuotesCWE-94 7.3 High2025-03-29
CVE-2025-2840 DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure — DAP to Autoresponders Email SyncingCWE-200 5.3 Medium2025-03-29
CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU — saTECH BCUCWE-352 8.8 -2025-03-28
CVE-2021-24008 Fortinet多款产品 信息泄露漏洞 — FortiDDoSCWE-200 5.0 Medium2025-03-28
CVE-2025-1705 tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — tagDiv ComposerCWE-79 6.1 Medium2025-03-28
CVE-2025-2578 Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure — Booking for Appointments and Events Calendar – AmeliaCWE-200 5.3 Medium2025-03-28
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion — Drag and Drop Multiple File Upload for Contact Form 7CWE-502 7.5 High2025-03-28
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion — Drag and Drop Multiple File Upload for Contact Form 7CWE-22 8.8 High2025-03-28
CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' — tagDiv ComposerCWE-79 6.1 Medium2025-03-28
CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion — Kubio AI Page BuilderCWE-22 9.8 Critical2025-03-28
CVE-2025-24381 Dell Unity 输入验证错误漏洞 — UnityCWE-601 8.8 High2025-03-28
CVE-2024-49601 Dell Unity 操作系统命令注入漏洞 — UnityCWE-78 7.3 High2025-03-28

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21363 条 CVE 漏洞。