access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29796 | IGL-Technologies eParking.fi Missing Authentication for Critical Function — eParking.fi (CWE-306) | 9.4 | Critical | 2026-03-20 |
| CVE-2026-33231 | NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app — nltk (CWE-306) | 7.5 | High | 2026-03-20 |
| CVE-2026-25192 | CTEK Chargeportal Missing Authentication for Critical Function — Chargeportal (CWE-306) | 9.4 | Critical | 2026-03-20 |
| CVE-2026-33204 | SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering — simplejwt (CWE-400) | 7.5 | High | 2026-03-20 |
| CVE-2026-33476 | SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal — siyuan (CWE-22) | 7.5 | High | 2026-03-20 |
| CVE-2026-33203 | SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass — siyuan (CWE-248) | 7.5 | High | 2026-03-20 |
| CVE-2026-23536 | Feast: unauthenticated arbitrary file read — Red Hat OpenShift AI (RHOAI) (CWE-22) | 7.5 | High | 2026-03-20 |
| CVE-2026-3584 | Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process — Kali Forms — Contact Form & Drag-and-Drop Builder (CWE-94) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33143 | OneUptime: WhatsApp Webhook Missing Signature Verification — oneuptime (CWE-345) | 5.3 | - | 2026-03-20 |
| CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers — vikunja (CWE-807) | 5.3 | Medium | 2026-03-20 |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration — traefik (CWE-208) | 3.7 | - | 2026-03-20 |
| CVE-2026-33072 | FileRise: Default Encryption Key Enables Token Forgery and Config Decryption — FileRise (CWE-798) | 8.2 | High | 2026-03-20 |
| CVE-2026-33070 | FileRise has Unauthenticated Share Link Deletion — FileRise (CWE-306) | 3.7 | Low | 2026-03-20 |
| CVE-2026-33057 | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py — mesop (CWE-94) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33043 | AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideo (CWE-942) | 8.1 | High | 2026-03-20 |
| CVE-2026-33041 | AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php — AVideo (CWE-200) | 5.3 | Medium | 2026-03-20 |
| CVE-2026-33040 | libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow — rust-libp2p (CWE-190) | 7.5 | - | 2026-03-20 |
| CVE-2026-33038 | AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideo (CWE-306) | 8.1 | High | 2026-03-20 |
| CVE-2026-33035 | Unauthenticated Reflected XSS via innerHTML in AVideo — AVideo (CWE-79) | 6.1 | - | 2026-03-20 |
| CVE-2026-33024 | AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-Encoder (CWE-918) | 9.8 | - | 2026-03-20 |
| CVE-2026-33017 | Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint — langflow (CWE-94) | 9.8 | - | 2026-03-20 |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect — Membership Plugin – Restrict Content (CWE-640) | 4.3 | Medium | 2026-03-20 |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call — Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit (CWE-862) | 9.8 | Critical | 2026-03-20 |
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) — siyuan (CWE-79) | 9.3 | Critical | 2026-03-20 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config — Anchorr (CWE-79) | 9.7 | Critical | 2026-03-20 |
| CVE-2026-21992 | Oracle Identity Manager security vulnerability — Oracle Identity Manager | 9.8 | Critical | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection — DIR-513 (CWE-78) | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion — admidio (CWE-862) | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') — ewe (CWE-825) | 7.5 | High | 2026-03-20 |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution — Xerte Online Toolkits (CWE-306) | 9.8 | Critical | 2026-03-20 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.