Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

access:pre-auth — CVE vulnerabilities tagged 21457

21457 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2025-0105 Expedition: Arbitrary File Deletion Vulnerability — Cloud NGFWCWE-73 10.0 -2025-01-11
CVE-2024-11327 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting — ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link PagesCWE-79 6.1 Medium2025-01-11
CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection — CF Internal Link ShortcodeCWE-89 7.5 High2025-01-11
CVE-2024-12847 NETGEAR DGN setup.cgi OS Command Injection — DGN1000CWE-78 9.8 Critical2025-01-10
CVE-2024-13318 Essential WP Real Estate <= 1.1.3 - Missing Authorization to Arbitrary Post/Page Deletion — Essential WP Real EstateCWE-463 5.3 Medium2025-01-10
CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change — WPBookitCWE-639 9.8 Critical2025-01-09
CVE-2025-21598 Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash — Junos OSCWE-125 7.5 High2025-01-09
CVE-2025-21600 Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash — Junos OSCWE-125 6.5 Medium2025-01-09
CVE-2025-21602 Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash — Junos OSCWE-755 6.5 Medium2025-01-09
CVE-2025-21599 Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service — Junos OS EvolvedCWE-401 7.5 High2025-01-09
CVE-2025-21593 Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash — Junos OSCWE-664 6.5 Medium2025-01-09
CVE-2024-11642 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion — Post Grid Master — Post Grids & AJAX FiltersCWE-22 9.8 Critical2025-01-09
CVE-2024-12394 Action Network <= 1.4.4 - Reflected Cross-Site Scripting — Action NetworkCWE-79 6.1 Medium2025-01-09
CVE-2024-12542 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure — linkIDCWE-862 8.6 High2025-01-09
CVE-2024-11686 WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting — WhatsApp 🚀 click to chatCWE-79 6.1 Medium2025-01-09
CVE-2024-11815 Pósturinn\'s Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting — Pósturinn\'s Shipping with WooCommerceCWE-79 6.1 Medium2025-01-09
CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting — CLUEVO LMS, E-Learning PlatformCWE-79 6.1 Medium2025-01-09
CVE-2024-12218 Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — Woocommerce check pincode/zipcode for shippingCWE-352 6.1 Medium2025-01-09
CVE-2024-12605 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update — Opace AI Scribe: SEO Content Creator & Humaizer for OpenAI & AnthropicCWE-352 4.3 Medium2025-01-09
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion — Pearl – Header BuilderCWE-352 4.3 Medium2025-01-09
CVE-2024-12222 Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter — Deliver via Shipos for WooCommerceCWE-79 6.1 Medium2025-01-09
CVE-2024-12285 SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter — SEMA APICWE-79 6.1 Medium2025-01-09
CVE-2024-12330 WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure — WP Database Backup – Unlimited Database & Files Backup by Backup for WPCWE-530 7.5 High2025-01-09
CVE-2024-12122 ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters — ResAdsCWE-79 6.1 Medium2025-01-09
CVE-2023-28354 Opsview Monitor Agent 安全漏洞 — n/a 9.8 -2025-01-09
CVE-2025-0282 Ivanti多款产品 安全漏洞 — Connect SecureCWE-121 9.0 Critical2025-01-08
CVE-2024-54010 Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches — AOS-CX 3.4 Low2025-01-08
CVE-2025-20126 Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability — Cisco ThousandEyes Endpoint AgentCWE-295 4.8 Medium2025-01-08
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share — pingvin-shareCWE-20 9.8 Critical2025-01-08
CVE-2024-12337 Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids — Shipping via Planzer for WooCommerceCWE-79 6.1 Medium2025-01-08

Vulnerabilities classified as access:pre-auth represent 21457 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.