Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21435

21435 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2024-13432 Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WebcamconsultCWE-352 6.1 Medium2025-01-18
CVE-2024-13515 Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting — Image Source Control Lite – Show Image Credits and CaptionsCWE-79 6.1 Medium2025-01-18
CVE-2024-13516 Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting — Kubio AI Page BuilderCWE-79 6.1 Medium2025-01-18
CVE-2025-0308 Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership PluginCWE-89 7.5 High2025-01-18
CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership PluginCWE-200 5.3 Medium2025-01-18
CVE-2024-12071 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social MediaCWE-862 5.3 Medium2025-01-18
CVE-2024-12757 Nedap Librix Ecoreader Missing Authentication for Critical Function — EcoreaderCWE-306 8.6 High2025-01-17
CVE-2024-13378 GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter — Gravity FormsCWE-79 5.4 Medium2025-01-17
CVE-2024-13377 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter — Gravity FormsCWE-79 7.2 High2025-01-17
CVE-2024-11425 Schneider Electric Modicon M580 安全漏洞 — Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)CWE-131 7.5 High2025-01-17
CVE-2024-12370 WP Hotel Booking <= 2.1.5 - Missing Authorization — WP Hotel BookingCWE-284 5.3 Medium2025-01-17
CVE-2024-12466 Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting — ProofreadingCWE-79 6.1 Medium2025-01-17
CVE-2024-12637 Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure — Moving UsersCWE-200 5.3 Medium2025-01-17
CVE-2024-13366 Sandbox <= 0.4 - Reflected Cross-Site Scripting — SandboxCWE-79 6.1 Medium2025-01-17
CVE-2024-13434 WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting — WP Inventory ManagerCWE-79 6.1 Medium2025-01-17
CVE-2024-50967 DATAGerry 安全漏洞 — n/a 7.5 -2025-01-17
CVE-2024-56136 /api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server — zulipCWE-200 5.3 -2025-01-16
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo — matrix-media-repoCWE-287 5.3 Medium2025-01-16
CVE-2024-36403 Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo — matrix-media-repoCWE-770 5.3 Medium2025-01-16
CVE-2018-25108 WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption — 750-8100 (Controller PFC100)CWE-770 7.5 High2025-01-16
CVE-2024-12427 Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload — Multi Step FormCWE-862 5.3 Medium2025-01-16
CVE-2024-12613 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection — Passwords ManagerCWE-89 7.5 High2025-01-16
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update — WP User Profile AvatarCWE-352 4.3 Medium2025-01-16
CVE-2025-0170 DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting — DWT - Directory & Listing WordPress ThemeCWE-79 6.1 Medium2025-01-16
CVE-2025-0456 NetVision Information airPASS - Missing Authentication — airPASSCWE-306 9.8 Critical2025-01-16
CVE-2025-0455 NetVision Information airPASS - SQL injection — airPASSCWE-89 9.8 Critical2025-01-16
CVE-2024-57676 D-Link DIR-816 安全漏洞 — n/a 7.5 -2025-01-16
CVE-2024-57677 D-Link DIR-816 安全漏洞 — n/a 8.2 -2025-01-16
CVE-2024-57678 D-Link DIR-816A2 安全漏洞 — n/a 5.3 -2025-01-16
CVE-2024-57679 D-Link DIR-816A2 安全漏洞 — n/a--2025-01-16

Vulnerabilities classified as access:pre-auth represent 21435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.