Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21457

21457 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-54488 Apple iOS和iPadOS 安全漏洞 — iOS and iPadOS 7.5 -2025-01-27
CVE-2025-24814 Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files — Apache SolrCWE-250 9.8 -2025-01-27
CVE-2024-13117 Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal — Social Share Buttons for WordPress 5.3 -2025-01-27
CVE-2024-56316 Axiros AXESS ACS 安全漏洞 — n/a 7.5 -2025-01-27
CVE-2024-11641 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload — VikBooking Hotel Booking Engine & PMSCWE-352 8.8 High2025-01-26
CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting — WC Affiliate – WooCommerce Affiliate PluginCWE-79 6.1 Medium2025-01-26
CVE-2024-11090 Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Membership Plugin – Restrict ContentCWE-200 5.3 Medium2025-01-26
CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content — Quiz Maker DeveloperCWE-95 7.3 High2025-01-26
CVE-2024-10574 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting — Quiz Maker DeveloperCWE-862 7.2 High2025-01-26
CVE-2024-10628 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id — Quiz Maker BusinessCWE-89 7.5 High2025-01-26
CVE-2024-10636 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content — Quiz Maker DeveloperCWE-79 6.1 Medium2025-01-26
CVE-2024-35145 IBM Maximo Application Suite cross-site scripting — Maximo Application SuiteCWE-79 6.1 Medium2025-01-25
CVE-2024-13562 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory — Import WP – Export and Import CSV and XML files to WordPressCWE-200 7.5 High2025-01-25
CVE-2024-12826 GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update — GoHero Store Customizer for WooCommerceCWE-862 4.3 Medium2025-01-25
CVE-2024-13467 WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting — WP Contact Form7 Email Spam BlockerCWE-79 6.1 Medium2025-01-25
CVE-2024-12076 Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Target Video Easy PublishCWE-79 6.1 Medium2025-01-25
CVE-2024-13709 Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset — LinearCWE-352 4.3 Medium2025-01-25
CVE-2025-0357 WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload — WPBookitCWE-434 9.8 Critical2025-01-25
CVE-2024-13698 Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation — Jobify - Job Board WordPress ThemeCWE-862 6.5 Medium2025-01-24
CVE-2024-13545 Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion — Bootstrap UltimateCWE-22 9.8 Critical2025-01-24
CVE-2024-13683 Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update — Automate Hub Free by Sperse.IOCWE-352 4.3 Medium2025-01-24
CVE-2025-23011 Fedora Repository archive extraction path traversal — Fedora RepositoryCWE-23 8.8 High2025-01-23
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key — Unspecified robotsCWE-321 6.3 Medium2025-01-23
CVE-2024-52330 ECOVACS lawnmowers and vacuums do not properly validate TLS certificates — DEEBOT X5 PRO PLUSCWE-295 7.4 High2025-01-23
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates — ECOVACS HOMECWE-295 7.4 High2025-01-23
CVE-2024-52325 ECOVACS robot lawnmowers and vacuums command injection — GOAT G1CWE-77 9.6 Critical2025-01-23
CVE-2025-0637 Inadequate access control in Beta10 — Beta10CWE-287 9.8 Critical2025-01-23
CVE-2025-23006 SonicWALL SMA1000 代码问题漏洞 — SMA1000CWE-502 9.8 -2025-01-23
CVE-2024-13422 SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting — SEO Blogger to WordPress Migration using 301 RedirectionCWE-79 6.1 Medium2025-01-23
CVE-2024-13234 Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection — Product Table for WooCommerce by WBWCWE-89 7.5 High2025-01-23

Vulnerabilities classified as access:pre-auth represent 21457 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.