目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21363

access:pre-auth 类型相关 21363 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava — haotian-liu/llavaCWE-352 8.1 -2025-03-20
CVE-2024-8055 Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna — vanna-ai/vannaCWE-89 9.1 -2025-03-20
CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat — lm-sys/fastchatCWE-835 7.5 -2025-03-20
CVE-2024-9056 Denial of Service in bentoml/bentoml — bentoml/bentomlCWE-770 7.5 -2025-03-20
CVE-2024-11172 Denial of Service in danny-avila/librechat — danny-avila/librechatCWE-248 7.5 -2025-03-20
CVE-2024-11169 Unhandled Exception Leading to Server Crash in danny-avila/librechat — danny-avila/librechatCWE-115 7.5 -2025-03-20
CVE-2024-10908 Open Redirect in lm-sys/fastchat — lm-sys/fastchatCWE-601 6.1 -2025-03-20
CVE-2024-7036 Denial of Service in open-webui/open-webui — open-webui/open-webuiCWE-400 7.5 -2025-03-20
CVE-2024-10707 Local File Inclusion in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgptCWE-22 7.5 -2025-03-20
CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod — horovod/horovodCWE-502 9.8 -2025-03-20
CVE-2024-10935 Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-770 7.5 -2025-03-20
CVE-2024-10829 Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt — eosphoros-ai/db-gptCWE-835 7.5 -2025-03-20
CVE-2024-9362 Directory Traversal in polyaxon/polyaxon — polyaxon/polyaxonCWE-22 7.5 -2025-03-20
CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-248 7.5 -2025-03-20
CVE-2024-12039 Improper Restriction of Excessive Authentication Attempts in langgenius/dify — langgenius/difyCWE-307 9.8 -2025-03-20
CVE-2024-11044 Open Redirect in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webuiCWE-601 6.1 -2025-03-20
CVE-2024-8984 Denial of Service (DoS) in berriai/litellm — berriai/litellmCWE-770 7.5 -2025-03-20
CVE-2024-10821 Denial of Service (DoS) in invoke-ai/invokeai — invoke-ai/invokeaiCWE-835 7.5 -2025-03-20
CVE-2024-12537 Unauthenticated Denial of Service in open-webui/open-webui — open-webui/open-webuiCWE-770 7.5 -2025-03-20
CVE-2024-10553 Jdbc Deserialization in h2oai/h2o-3 — h2oai/h2o-3CWE-502 9.8 -2025-03-20
CVE-2024-9340 Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml — zenml-io/zenmlCWE-835 7.5 -2025-03-20
CVE-2024-10713 Denial of Service (DoS) via Multipart Request in szad670401/hyperlpr — szad670401/hyperlprCWE-770 7.5 -2025-03-20
CVE-2025-2505 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang' — Age GateCWE-22 9.8 Critical2025-03-20
CVE-2025-1766 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 5.3 Medium2025-03-20
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function — Custom Twitter Feeds – A Tweets Widget or X Feed WidgetCWE-352 4.3 Medium2025-03-20
CVE-2025-0431 Enterprise Protection Backslash URL Rewrite Bypass — Enterprise ProtectionCWE-790 5.8 Medium2025-03-19
CVE-2025-2512 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function — File AwayCWE-434 9.8 Critical2025-03-19
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover — Service Finder BookingsCWE-288 9.8 Critical2025-03-19
CVE-2024-13933 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions — FoodBakery | Delivery Restaurant Directory WordPress ThemeCWE-352 8.8 High2025-03-19
CVE-2024-13790 MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion — MinimogWP – The High Converting eCommerce WordPress ThemeCWE-98 9.8 Critical2025-03-19

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21363 条 CVE 漏洞。