Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21368

21368 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection — All-in-One WP Migration and BackupCWE-502 7.5 High2025-03-13
CVE-2025-21104 Dell NetWorker 输入验证错误漏洞 — NetWorkerCWE-601 4.3 Medium2025-03-13
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application — CAP back office applicationCWE-1390 8.2 -2025-03-13
CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution — Appointment Booking Calendar — Simply Schedule Appointments Booking PluginCWE-94 7.3 High2025-03-13
CVE-2025-1561 AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting — AppPresser – Mobile App FrameworkCWE-79 7.2 High2025-03-13
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition — Business Directory Plugin – Easy Listing Directories for WordPressCWE-639 5.3 Medium2025-03-13
CVE-2025-2107 Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection — ArielBrailovsky-ViralAdCWE-89 7.5 High2025-03-13
CVE-2025-2106 Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection — ArielBrailovsky-ViralAdCWE-89 7.5 High2025-03-13
CVE-2024-28803 Italtel i-MCS NFV 安全漏洞 — n/a 6.1 -2025-03-13
CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame — PAN-OSCWE-754 6.5 -2025-03-12
CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect — PAN-OSCWE-400 7.5 -2025-03-12
CVE-2025-20209 Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-770 7.5 High2025-03-12
CVE-2025-20146 Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-20 8.6 High2025-03-12
CVE-2025-20145 Cisco IOS XR Software Access Control List Bypass Vulnerability — Cisco IOS XR SoftwareCWE-264 5.8 Medium2025-03-12
CVE-2025-20144 Cisco IOS XR Software Access Control List Bypass Vulnerability — Cisco IOS XR SoftwareCWE-284 4.0 Medium2025-03-12
CVE-2025-20142 Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-20 8.6 High2025-03-12
CVE-2025-20141 Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity — Cisco IOS XR SoftwareCWE-770 7.4 High2025-03-12
CVE-2025-20115 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability — Cisco IOS XR SoftwareCWE-120 8.6 High2025-03-12
CVE-2024-10838 Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read — Eclipse Cyclone DDSCWE-191 9.1 -2025-03-12
CVE-2024-13870 Unauthenticated Firmware Downgrade in Bitdefender Box v1 — BOX v1CWE-1328 5.3 -2025-03-12
CVE-2024-13871 Unauthenticated Command Injection in Bitdefender BOX v1 — BOX v1CWE-77 8.8 -2025-03-12
CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so — BOX v1CWE-319 7.5 -2025-03-12
CVE-2024-13446 Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover — WorkreapCWE-288 9.8 Critical2025-03-12
CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-200 5.3 Medium2025-03-12
CVE-2025-2077 Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting — Simple Amazon AffiliateCWE-79 6.1 Medium2025-03-12
CVE-2025-25683 AlekSIS-Core 安全漏洞 — n/a 5.3 -2025-03-12
CVE-2023-48790 Fortinet FortiNDR 跨站请求伪造漏洞 — FortiNDRCWE-352 7.1 High2025-03-11
CVE-2024-52285 Siemens SiPass Integrated 访问控制错误漏洞 — SiPass integrated AC5102 (ACC-G2)CWE-306 5.3 Medium2025-03-11
CVE-2024-13413 ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter — ProductDynoCWE-79 6.1 Medium2025-03-11
CVE-2024-13436 Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Appsero HelperCWE-352 6.1 Medium2025-03-11

Vulnerabilities classified as access:pre-auth represent 21368 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.