access:pre-auth 标签下的 CVE 漏洞 19065

access:pre-auth 类型相关 19065 条 CVE 漏洞，含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞，涵盖18971个CVE。此类漏洞之所以关键，是因为攻击者无需凭证即可直接利用，极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击，常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块，对系统安全性构成直接且严重的威胁。

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-2265	Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization — Replicator	9.8^AI	Critical^AI	2026-04-01
CVE-2026-33949	@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files — tinacmsCWE-22	8.1	High	2026-04-01
CVE-2026-34999	OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access — OpenVikingCWE-306	5.3	Medium	2026-04-01
CVE-2026-35092	Corosync: corosync: denial of service via integer overflow in join message validation — Red Hat Enterprise Linux 10CWE-190	7.5	High	2026-04-01
CVE-2026-35091	Corosync: corosync: denial of service and information disclosure via crafted udp packet — Red Hat Enterprise Linux 10CWE-253	8.2	High	2026-04-01
CVE-2026-29014	MetInfo CMS Unauthenticated PHP Code Injection RCE — MetInfo CMSCWE-94	9.8	Critical	2026-04-01
CVE-2026-0932	M-Files Server 安全漏洞 — M-Files ServerCWE-918	8.2^AI	High^AI	2026-04-01
CVE-2026-4370	Improper TLS Client/Server authentication and certificate verification on Database Cluster — JujuCWE-295	10.0	Critical	2026-04-01
CVE-2026-2696	Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure — Export All URLs	7.5^AI	High^AI	2026-04-01
CVE-2025-15484	Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass — Order Notification for WooCommerce	9.1^AI	Critical^AI	2026-04-01
CVE-2025-67805	Sage DPW 安全漏洞 — n/a	5.9	Medium	2026-04-01
CVE-2026-34605	SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated ) — siyuanCWE-79	6.1	-	2026-03-31
CVE-2026-34453	SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content — siyuanCWE-863	7.5	High	2026-03-31
CVE-2026-34733	AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard — AVideoCWE-284	6.5	Medium	2026-03-31
CVE-2026-34732	AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints — AVideoCWE-306	5.3	Medium	2026-03-31
CVE-2026-34731	AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php — AVideoCWE-306	7.5	High	2026-03-31
CVE-2026-34381	Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess — admidioCWE-284	7.5	High	2026-03-31
CVE-2026-1579	PX4 Autopilot Missing authentication for critical function — AutopilotCWE-306	9.8	Critical	2026-03-31
CVE-2026-34361	HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft — org.hl7.fhir.coreCWE-552	9.3	Critical	2026-03-31
CVE-2026-34360	HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing — org.hl7.fhir.coreCWE-918	5.8	Medium	2026-03-31
CVE-2026-34240	jose vulnerable to untrusted JWK header key acceptance during signature verification — joseCWE-347	7.5	High	2026-03-31
CVE-2026-34227	Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface — sliverCWE-306	8.8^AI	High^AI	2026-03-31
CVE-2026-34573	Parse Server: GraphQL complexity validator exponential fragment traversal DoS — parse-serverCWE-407	7.5^AI	High^AI	2026-03-31
CVE-2026-34532	Parse Server: Cloud function validator bypass via prototype chain traversal — parse-serverCWE-863	9.1^AI	Critical^AI	2026-03-31
CVE-2026-34202	Zebra node crash — V5 transaction hash panic (P2P reachable) — zebraCWE-1336	7.5^AI	High^AI	2026-03-31
CVE-2026-4267	Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI — Query MonitorCWE-79	7.2	High	2026-03-31
CVE-2026-3191	Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update — Minify HTMLCWE-352	5.4	Medium	2026-03-31
CVE-2026-32916	OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes — OpenClawCWE-266	9.4	Critical	2026-03-31
CVE-2026-3881	Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF — Performance Monitor	9.1^AI	Critical^AI	2026-03-31
CVE-2026-1877	Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page — Auto Post SchedulerCWE-79	6.1	Medium	2026-03-31

access:pre-auth 是常见的弱点类别，本平台收录该类弱点关联的 19065 条 CVE 漏洞。

目標達成 すべての支援者に感謝 — 100%達成しました！

access:pre-auth 标签下的 CVE 漏洞 19065

目標達成すべての支援者に感謝 — 100%達成しました！