Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header — rackCWE-400 5.3 Medium2026-04-02
CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation — signalk-serverCWE-284 7.5AIHighAI2026-04-02
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity — signalk-serverCWE-285 9.4 Critical2026-04-02
CVE-2026-34973 phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure — phpMyFAQCWE-943 8.2AIHighAI2026-04-02
CVE-2026-32629 phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor — phpMyFAQCWE-20 6.1AIMediumAI2026-04-02
CVE-2026-26927 URL (HTTP Origin) call location spoofing in Szafir SDK Web — Szafir SDK WebCWE-348 8.1AIHighAI2026-04-02
CVE-2026-29782 OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 — openstamanagerCWE-502 7.2 High2026-04-02
CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) — ShareFile Storage Zones ControllerCWE-698 9.8 Critical2026-04-02
CVE-2026-4282 Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw — Red Hat build of Keycloak 26.2CWE-653 7.4 High2026-04-02
CVE-2026-4634 Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters — Red Hat build of Keycloak 26.2CWE-1050 7.5 High2026-04-02
CVE-2026-32145 Multipart form body parser bypasses body size limits in wisp — wispCWE-770 7.5 -2026-04-02
CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint — mbCONNECT24CWE-497 5.3 Medium2026-04-02
CVE-2026-33616 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint — mbCONNECT24CWE-89 9.1 Critical2026-04-02
CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-0686 Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery — WebmentionCWE-918 7.2 High2026-04-02
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header — W3 Total CacheCWE-200 7.5 High2026-04-02
CVE-2026-4347 MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir — MW WP FormCWE-22 8.1 High2026-04-02
CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection — filebrowserCWE-79 6.9 Medium2026-04-01
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution — filebrowserCWE-269 8.1 High2026-04-01
CVE-2026-1345 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access ContainerCWE-78 7.3 High2026-04-01
CVE-2026-34751 Payload has Unvalidated Input in Password Recovery Endpoints — payloadCWE-472 9.1 Critical2026-04-01
CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint — PdfDingCWE-863 7.5 High2026-04-01
CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend — llama.cppCWE-119 9.8 Critical2026-04-01
CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host — javascriptCWE-918 7.4 High2026-04-01
CVE-2026-34072 cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution — cronmasterCWE-287 8.3 High2026-04-01
CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability — Cisco Smart Software Manager On-PremCWE-668 9.8 Critical2026-04-01
CVE-2026-20093 Cisco Integrated Management Controller Authentication Bypass Vulnerability — Cisco Enterprise NFV Infrastructure SoftwareCWE-20 9.8 Critical2026-04-01
CVE-2026-20085 Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure SoftwareCWE-79 6.1 Medium2026-04-01
CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability — Cisco Nexus DashboardCWE-918 6.1 Medium2026-04-01

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.