access:pre-auth — 19070 tagged CVE vulnerabilities

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4295 | Arbitrary code execution via crafted project files in Kiro IDE | Kiro IDE | CWE-829 | 7.8 | High | 2026-03-17 |
| CVE-2026-25771 | Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware | wazuh | CWE-400 | 5.3 | Medium | 2026-03-17 |
| CVE-2026-32297 | Angeet ES3 KVM unauthenticated arbitrary file write | ES3 KVM | CWE-306 | 7.5 | High | 2026-03-17 |
| CVE-2026-32296 | Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint | NanoKVM | CWE-306 | 8.2 | High | 2026-03-17 |
| CVE-2026-4318 | UTT HiPER 810G formApLbConfig strcpy buffer overflow | HiPER 810G | CWE-120 | 8.8 | High | 2026-03-17 |
| CVE-2026-4312 | DrangSoft\|GCB/FCB Audit Software - Missing Authentication | GCB/FCB Audit Software | CWE-306 | 9.8 | Critical | 2026-03-17 |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure | Royal Addons for Elementor – Addons and Templates Kit for Elementor | CWE-862 | 5.3 | Medium | 2026-03-17 |
| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter | WowStore – Store Builder & Product Blocks for WooCommerce | CWE-89 | 7.5 | High | 2026-03-17 |
| CVE-2026-29522 | ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI | Test Data Management | CWE-22 | 7.5 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php | chamilo-lms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | cms | CWE-863 | 8.8 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-27962 | Authlib JWS JWK Header Injection: Signature Verification Bypass | authlib | CWE-347 | 9.1 | Critical | 2026-03-16 |
| CVE-2026-2462 | Admin RCE via Malicious Plugin Upload on CI Test Instances | Mattermost | CWE-863 | 6.6 | Medium | 2026-03-16 |
| CVE-2026-3111 | Multiple vulnerabilities on the Educativa Campus | Campus | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3110 | Multiple vulnerabilities on the Educativa Campus | Campus | CWE-284 | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2025-11500 | Credentials exposure in tinycontrol devices | Lan Kontroler v3.5 | CWE-261 | 8.1 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-4222 | SSCMS download PathUtils.RemoveParentPath path traversal | SSCMS | CWE-22 | 3.8 | Low | 2026-03-16 |
| CVE-2026-4211 | D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow | DNS-120 | CWE-121 | 8.8 | High | 2026-03-16 |
| CVE-2017-20224 | Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload | SDT-CS3B1 | CWE-434 | 9.8 | Critical | 2026-03-16 |
| CVE-2017-20222 | Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot | SDT-CS3B1 | CWE-306 | 7.5 | High | 2026-03-16 |
| CVE-2025-69809 | bareiron security vulnerability | n/a | | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-69808 | bareiron security vulnerability | n/a | | 9.1 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-69727 | INDEX ÉDUCATION PRONOTE security vulnerability | n/a | | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2025-50881 | ITFlow security vulnerability | n/a | | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2015-20120 | RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection | RealtyScript | CWE-89 | 8.2 | High | 2026-03-15 |
| CVE-2017-20220 | Serviio PRO 1.8 Unauthenticated Password Change via REST API | Serviio PRO | CWE-306 | 7.5 | High | 2026-03-15 |
| CVE-2017-20217 | Serviio PRO 1.8 REST API Information Disclosure | Serviio PRO | CWE-306 | 7.5 | High | 2026-03-15 |
| CVE-2015-20121 | RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters | RealtyScripts | CWE-89 | 8.2 | High | 2026-03-15 |
| CVE-2015-20117 | RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation | RealtyScript | CWE-352 | 5.3 | Medium | 2026-03-15 |
| CVE-2026-4183 | D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow | DIR-816 | CWE-121 | 9.8 | Critical | 2026-03-15 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.