access:pre-auth — CVE vulnerabilities tagged (19065)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2511 | JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter — JS Help Desk – AI-Powered Support & Ticketing System (CWE-89) | 7.5 | High | 2026-03-26 |
| CVE-2026-33343 | etcd: Nested etcd transactions bypass RBAC authorization checks — etcd (CWE-863) | - | - | 2026-03-26 |
| CVE-2018-25210 | WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter — Ticaret V4 (CWE-79) | 8.2 | High | 2026-03-26 |
| CVE-2018-25209 | OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter — OpenBiz Cubi Lite (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25208 | qdPM 9.1 SQL Injection via filter_by Parameters — qdPM (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25205 | ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter — ASP.NET jVideo Kit (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25204 | Library CMS 1.0 SQL Injection via admin login — Library CMS (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25203 | Online Store System CMS 1.0 SQL Injection via clientaccess — Online Store System CMS (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25195 | Wecodex Hotel CMS 1.0 SQL Injection via Admin Login — Wecodex Hotel CMS (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25185 | Wecodex Restaurant CMS 1.0 SQL Injection via Login — Wecodex Restaurant CMS (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2018-25183 | Shipping System CMS 1.0 SQL Injection via admin login — Shipping System CMS (CWE-89) | 8.2 | High | 2026-03-26 |
| CVE-2026-4652 | Remote denial of service via null pointer dereference — FreeBSD (CWE-476) | 7.5 | - | 2026-03-26 |
| CVE-2026-1890 | LeadConnector < 3.0.22 - Unauthenticated Rest Call — LeadConnector | 7.5 | - | 2026-03-26 |
| CVE-2025-15488 | Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution — Responsive Plus | 9.8 | - | 2026-03-26 |
| CVE-2026-4329 | Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header — Blackhole for Bad Bots (CWE-79) | 7.2 | High | 2026-03-26 |
| CVE-2026-4281 | FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow — FormLift for Infusionsoft Web Forms (CWE-862) | 5.3 | Medium | 2026-03-26 |
| CVE-2026-1986 | FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter — FloristPress for Woo – Customize your eCommerce store for your Florist (CWE-79) | 6.1 | Medium | 2026-03-26 |
| CVE-2026-30976 | Sonarr Path Traversal vulnerability — Sonarr (CWE-22) | 8.6 | High | 2026-03-25 |
| CVE-2026-29785 | NATS Server panic via malicious compression on leafnode port — nats-server (CWE-476) | 7.5 | High | 2026-03-25 |
| CVE-2026-1724 | Missing Authentication for Critical Function in GitLab — GitLab (CWE-306) | 6.8 | Medium | 2026-03-25 |
| CVE-2026-2745 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab (CWE-288) | 6.8 | Medium | 2026-03-25 |
| CVE-2026-3857 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab (CWE-352) | 8.1 | High | 2026-03-25 |
| CVE-2026-3988 | Inefficient Algorithmic Complexity in GitLab — GitLab (CWE-407) | 7.5 | High | 2026-03-25 |
| CVE-2026-20719 | DoS via URL Previews Rendering Malicious SVGs — Mattermost (CWE-754) | 4.3 | Medium | 2026-03-25 |
| CVE-2026-26233 | Denial of Service via HTTP/2 single packet attack on login endpoint — Mattermost (CWE-400) | 4.3 | Medium | 2026-03-25 |
| CVE-2026-20113 | Cisco IOS XE Software injection vulnerability — Cisco IOS XE Software (CWE-93) | 5.3 | Medium | 2026-03-25 |
| CVE-2026-20115 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software (CWE-319) | 6.1 | Medium | 2026-03-25 |
| CVE-2026-20104 | Multiple Cisco products security vulnerability — Cisco IOS XE Software (CWE-124) | 6.1 | Medium | 2026-03-25 |
| CVE-2026-20004 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software (CWE-771) | 7.4 | High | 2026-03-25 |
| CVE-2024-58341 | OpenCart Core 4.0.2.3 SQL Injection via search Parameter — OpenCart Core (CWE-89) | 8.2 | High | 2026-03-25 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.