access:pre-auth — 19070 tagged CVE vulnerabilities

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-21992 | Oracle Identity Manager security vulnerability | Oracle Identity Manager | | 9.8 | Critical | 2026-03-20 |
| CVE-2026-4465 | D-Link DIR-513 formSysCmd os command injection | DIR-513 | CWE-78 | 6.3 | Medium | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | admidio | CWE-862 | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32873 | ewe: Loop with Unreachable Exit Condition ('Infinite Loop') | ewe | CWE-825 | 7.5 | High | 2026-03-20 |
| CVE-2026-32985 | Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution | Xerte Online Toolkits | CWE-306 | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33368 | Zimbra Collaboration Suite (ZCS) security vulnerability | n/a | | 6.1 | - | 2026-03-20 |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow | filebrowser | CWE-284 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin | filebrowser | CWE-269 | 9.8 | - | 2026-03-19 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module | SuiteCRM | CWE-90 | 8.8 | High | 2026-03-19 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture | SuiteCRM | CWE-601 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | admidio | CWE-352 | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32041 | OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap | OpenClaw | CWE-306 | 6.9 | Medium | 2026-03-19 |
| CVE-2026-32011 | OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing | OpenClaw | CWE-770 | 7.5 | High | 2026-03-19 |
| CVE-2026-30871 | OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query | openwrt | CWE-121 | 10.0 | - | 2026-03-19 |
| CVE-2026-32815 | SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure | siyuan | CWE-287 | 9.1 | - | 2026-03-19 |
| CVE-2026-32754 | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) | freescout | CWE-79 | 9.3 | Critical | 2026-03-19 |
| CVE-2026-32194 | Microsoft Bing Images Remote Code Execution Vulnerability | Microsoft Bing Images | CWE-77 | 9.8 | Critical | 2026-03-19 |
| CVE-2026-24299 | M365 Copilot Information Disclosure Vulnerability | Microsoft 365 Copilot | CWE-77 | 5.3 | Medium | 2026-03-19 |
| CVE-2026-26120 | Microsoft Bing Tampering Vulnerability | Microsoft Bing | CWE-918 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-23658 | Azure DevOps: msazure Elevation of Privilege Vulnerability | Azure DevOps: msazure | CWE-522 | 8.6 | High | 2026-03-19 |
| CVE-2026-26138 | Microsoft Purview Elevation of Privilege Vulnerability | Microsoft Purview | CWE-918 | 8.6 | High | 2026-03-19 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability | Microsoft Bing Images | CWE-78 | 9.8 | Critical | 2026-03-19 |
| CVE-2026-26139 | Microsoft Purview Elevation of Privilege Vulnerability | Microsoft Purview | CWE-918 | 8.6 | High | 2026-03-19 |
| CVE-2026-30836 | Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) | certificates | CWE-287 | 10.0 | Critical | 2026-03-19 |
| CVE-2026-27953 | ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor | ormar | CWE-915 | 7.1 | High | 2026-03-19 |
| CVE-2026-1005 | Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path | wolfSSL | CWE-191 | 7.5 | - | 2026-03-19 |
| CVE-2026-32867 | OPEXUS eComplaint unauthenticated file upload | eComplaint | CWE-639 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-4424 | Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing | Red Hat Enterprise Linux 10 | CWE-125 | 7.5 | High | 2026-03-19 |
| CVE-2025-71257 | BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass | FootPrints | CWE-306 | 7.3 | High | 2026-03-19 |
| CVE-2026-3511 | Autogram security vulnerability | Autogram | CWE-611 | 8.6 | High | 2026-03-19 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.