access:pre-auth — CVE vulnerabilities tagged (19065)

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4649 | Auth bypass in Apache Artemis allows reading all internal messages — KNIME Business Hub | CWE-306 | 6.5 | - | 2026-03-24 |
| CVE-2026-3509 | CODESYS Control Audit Log Format String DoS — CODESYS Control RTE (SL) | CWE-134 | 7.5 | High | 2026-03-24 |
| CVE-2026-4283 | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users — WP DSGVO Tools (GDPR) | CWE-862 | 9.1 | Critical | 2026-03-24 |
| CVE-2026-4662 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter — JetEngine | CWE-89 | 7.5 | High | 2026-03-24 |
| CVE-2026-3138 | Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE — Product Filter for WooCommerce by WBW | CWE-862 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-4640 | Galaxy Software Services\|Vitals ESP - Missing Authentication — Vitals ESP | CWE-306 | 7.5 | High | 2026-03-24 |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests — Red Hat build of Apache Camel for Spring Boot 4 | CWE-770 | 5.9 | Medium | 2026-03-24 |
| CVE-2026-30655 | e-SIC Livre security vulnerability — n/a | - | 7.5 | - | 2026-03-24 |
| CVE-2026-33283 | Ella Core panics on malformed ULNASTransport Message without a Request Type — core | CWE-476 | 6.5 | Medium | 2026-03-23 |
| CVE-2026-33282 | Ella Core panics on malformed NGAP Location Report — core | CWE-476 | 7.5 | High | 2026-03-23 |
| CVE-2026-33281 | Ella Core panics on invalid PDU Session IDs in NGAP messages — core | CWE-129 | 6.5 | Medium | 2026-03-23 |
| CVE-2026-33242 | Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass — salvo | CWE-22 | 7.5 | High | 2026-03-23 |
| CVE-2026-4021 | Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | CWE-287 | 8.1 | High | 2026-03-23 |
| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula — Woocommerce Custom Product Addons Pro | CWE-95 | 9.8 | Critical | 2026-03-23 |
| CVE-2026-4306 | WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | CWE-89 | 7.5 | High | 2026-03-23 |
| CVE-2025-60949 | Census CSWeb leaked configuration files — CSWeb | CWE-200 | 9.1 | Critical | 2026-03-23 |
| CVE-2026-33719 | AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php — AVideo | CWE-306 | 8.6 | High | 2026-03-23 |
| CVE-2026-33716 | AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php — AVideo | CWE-287 | 9.4 | Critical | 2026-03-23 |
| CVE-2026-33688 | AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint — AVideo | CWE-204 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33685 | AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data — AVideo | CWE-862 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-25075 | strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow — strongSwan | CWE-191 | 7.5 | High | 2026-03-23 |
| CVE-2026-33649 | AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification — AVideo | CWE-352 | 8.1 | High | 2026-03-23 |
| CVE-2026-33513 | AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) — AVideo | CWE-22 | 8.6 | High | 2026-03-23 |
| CVE-2025-15517 | Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600 — Archer NX600 v3.0 | CWE-306 | 9.8 | - | 2026-03-23 |
| CVE-2026-33507 | AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload — AVideo | CWE-352 | 8.8 | High | 2026-03-23 |
| CVE-2026-33502 | AVideo has Unauthenticated SSRF via plugin/Live/test.php — AVideo | CWE-918 | 9.3 | Critical | 2026-03-23 |
| CVE-2026-33501 | AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin — AVideo | CWE-862 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33485 | AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter — AVideo | CWE-89 | 7.5 | High | 2026-03-23 |
| CVE-2026-33483 | AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php — AVideo | CWE-770 | 7.5 | High | 2026-03-23 |
| CVE-2026-33480 | AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy — AVideo | CWE-918 | 8.6 | High | 2026-03-23 |

19065 CVEs are classified as access:pre-auth. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.