目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 21457

access:pre-auth 类型相关 21457 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-24870 Insecure Key & Secret Management vulnerability in SAP GUI for Windows — SAP GUI for WindowsCWE-921 6.0 Medium2025-02-11
CVE-2025-24868 Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services) — SAP HANA extended application services, advanced model (User Account and Authentication Services)CWE-601 7.1 High2025-02-11
CVE-2025-24867 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad) — SAP BusinessObjects Platform (BI Launchpad)CWE-79 6.1 Medium2025-02-11
CVE-2025-23193 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP — SAP NetWeaver Server ABAPCWE-204 5.3 Medium2025-02-11
CVE-2025-23187 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) — SAP NetWeaver and ABAP Platform (SDCCN)CWE-862 5.3 Medium2025-02-11
CVE-2024-10649 Unauthenticated File Upload in wandb/openui — wandb/openuiCWE-306 10.0 -2025-02-10
CVE-2024-13010 WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting — WP FoodbakeryCWE-79 6.1 Medium2025-02-10
CVE-2024-13011 WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload — WP FoodbakeryCWE-434 9.8 Critical2025-02-10
CVE-2024-46429 Tenda W18E 信任管理问题漏洞 — n/a 9.8 -2025-02-10
CVE-2024-46430 Tenda W18E 访问控制错误漏洞 — n/a 9.8 -2025-02-10
CVE-2024-46433 Tenda W18E 信任管理问题漏洞 — n/a 9.8 -2025-02-10
CVE-2024-46436 Tenda W18E 信任管理问题漏洞 — n/a 9.8 -2025-02-10
CVE-2024-46437 Tenda W18E 信息泄露漏洞 — n/a 9.8 -2025-02-10
CVE-2024-13440 Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting — Super Store FinderCWE-89 8.2 High2025-02-09
CVE-2025-0316 WP Directorybox Manager <= 2.5 - Authentication Bypass — WP Directorybox ManagerCWE-288 9.8 Critical2025-02-08
CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields — WP All Export ProCWE-94 8.3 High2025-02-07
CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion — WP All Import ProCWE-352 4.3 Medium2025-02-07
CVE-2025-1108 Insufficient data authenticity vulnerability in Janto — JantoCWE-345 8.6 High2025-02-07
CVE-2025-1107 Unverified password change vulnerability in Janto — JantoCWE-620 9.9 Critical2025-02-07
CVE-2025-1077 Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather) — Visual WeatherCWE-502 9.8 -2025-02-07
CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider — Nextend Social Login ProCWE-288 9.8 Critical2025-02-07
CVE-2025-0675 Elber Communications Equipment Hidden Functionality — Signum DVB-S/S2 IRDCWE-912 7.5 High2025-02-06
CVE-2024-52892 IBM Jazz for Service Management Cross-Site Scripting — Jazz for Service ManagementCWE-79 6.1 Medium2025-02-06
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB — whodbCWE-35 10.0 Critical2025-02-06
CVE-2024-37358 Apache James: denial of service through the use of IMAP literals — Apache James serverCWE-770 8.6 High2025-02-06
CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function — CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.xCWE-94 7.3 High2025-02-06
CVE-2025-23094 Mitel OpenScape 4000和OpenScape 4000 Manager 安全漏洞 — n/a 9.8 -2025-02-06
CVE-2025-20183 Cisco Secure Web Appliance Range Request Bypass Vulnerability — Cisco Secure Web ApplianceCWE-20 5.8 Medium2025-02-05
CVE-2025-20179 Cisco Expressway Series Cross-Site Scripting Vulnerability — Cisco TelePresence Video Communication Server (VCS) ExpresswayCWE-79 6.1 Medium2025-02-05
CVE-2024-13829 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure — WordPress form builder plugin for contact forms, surveys and quizzes – TripettoCWE-200 5.3 Medium2025-02-05

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21457 条 CVE 漏洞。