
CVE vulnerabilities under the access:pre-auth tag: 19044

19044 CVE vulnerabilities related to the access:pre-auth type, with AI analysis in Chinese, CVSS scores, reference links and POCs.

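The "access:pre-auth" tag identifies vulnerabilities that can be triggered without authentication, and covers 18971 CVEs. These vulnerabilities are critical because an attacker can exploit them directly without credentials, which greatly lowers the bar for an attack and widens the potential victim surface. Typical scenarios include remote code execution, unauthorized data access and denial of service. They are commonly found in misconfigured API endpoints, services with default credentials, and pre-authentication processing modules with logic flaws, and they pose a direct and serious threat to system security.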

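| CVE ID | Title | CWE | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-33190 | CoreDNS TSIG authentication bypass vulnerability — coredns | CWE-303 | - | - | 2026-05-05 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthorized access vulnerability — opencti | CWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-32689 | Phoenix Long-poll NDJSON unrestricted memory allocation vulnerability — phoenix | CWE-770 | - | - | 2026-05-05 |
| CVE-2026-7412 | BaSyx Java Server SDK <2.0.0-M10 unvalidated reverse proxy vulnerability — Eclipse BaSyx | CWE-918 | 8.6 | High | 2026-05-05 |
| CVE-2026-7411 | Eclipse BaSyx Java Server SDK path traversal leading to RCE — Eclipse BaSyx | CWE-22 | 10.0 | Critical | 2026-05-05 |
| CVE-2026-4304 | WeePie Cookie Allow <=3.4.11 unauthorized SQL injection vulnerability via the consent parameter — WeePie Cookie Allow | CWE-89 | 7.5 | High | 2026-05-05 |
| CVE-2023-54349 | AmazCart CMS 3.4 search reflected XSS vulnerability — AmazCart CMS | CWE-79 | 6.1 | Medium | 2026-05-05 |
| CVE-2023-54346 | WordPress plugin Backup Migration 1.2.8 unauthorized database backup download vulnerability — WordPress Plugin Backup Migration | CWE-538 | 7.5 | High | 2026-05-05 |
| CVE-2023-54344 | Eclipse Equinox OSGi 3.7.2 remote code execution vulnerability — [OSGi | CWE-306 | 9.8 | Critical | 2026-05-05 |
| CVE-2023-54342 | Eclipse Equinox OSGi 3.8-3.18 console remote code execution vulnerability — [OSGi | CWE-306 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-3359 | 10Web Form Maker <=1.15.42 unauthorized SQL injection vulnerability — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-89 | 7.5 | High | 2026-05-05 |
| CVE-2026-5192 | Forminator Forms <=1.52.1 unauthenticated arbitrary file read vulnerability — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-22 | 7.5 | High | 2026-05-05 |
| CVE-2026-2729 | WordPress Forminator plugin <=1.52.0 Stripe payment authorization bypass vulnerability via paymentid — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | CWE-639 | 5.3 | Medium | 2026-05-05 |
| CVE-2026-4362 | ElementsKit Elementor <=3.8.2 unauthorized widget content overwrite vulnerability — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | CWE-862 | 6.5 | Medium | 2026-05-05 |
| CVE-2026-4803 | Royal Addons for Elementor <=1.7.1056 unauthorized stored XSS vulnerability — Royal Addons for Elementor – Addons and Templates Kit for Elementor | CWE-79 | 7.2 | High | 2026-05-05 |
| CVE-2026-5294 | GeekyBot <= 1.2.2 unauthorized plugin installation vulnerability — GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | CWE-862 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-3456 | GeekyBot <=1.2.0 unauthorized SQL injection vulnerability — GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | CWE-89 | 7.5 | High | 2026-05-05 |
| CVE-2026-35228 | Oracle MCP Server Helper Tool 1.0.1-1.0.156 SQL injection vulnerability — Oracle MCP Server Helper Tool product of Oracle Open Source Projects | - | 8.7 | High | 2026-05-05 |
| CVE-2026-6704 | Blog Settings 1.0 reflected cross-site scripting vulnerability via the page parameter — Blog Settings | CWE-79 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-6700 | DX Sources <= 2.0.1 cross-site request forgery to settings update vulnerability — DX Sources | CWE-352 | 4.3 | Medium | 2026-05-05 |
| CVE-2026-6702 | Ping.fm <=1.1 cross-site request forgery leading to stored XSS vulnerability — Publish 2 Ping.fm | CWE-352 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-4409 | Subscribe To Comments Reloaded ≤ 240119 arbitrary subscription management vulnerability — Subscribe To Comments Reloaded | CWE-200 | 6.5 | Medium | 2026-05-05 |
| CVE-2026-5100 | AWP Classifieds <= 4.4.5 unauthorized SQL injection vulnerability — AWP Classifieds | CWE-89 | 7.5 | High | 2026-05-05 |
| CVE-2026-6696 | Zingaya Click-to-Call <= 1.0 reflected XSS vulnerability via the email parameter — Zingaya Click-to-Call | CWE-79 | 6.1 | Medium | 2026-05-05 |
| CVE-2025-13618 | Mentoring <=1.2.8 unauthorized privilege escalation vulnerability — Mentoring | CWE-269 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-6701 | addfreespace <=0.1.3 settings page cross-site request forgery leading to stored XSS vulnerability — addfreespace | CWE-352 | 4.3 | Medium | 2026-05-05 |
| CVE-2026-5722 | MoreConvert Pro <= 1.9.14 authentication bypass vulnerability — MoreConvert Pro | CWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-43002 | OpenStack Horizon 25.6-25.7.2 unauthorized session storage exhaustion vulnerability — Horizon | CWE-696 | 5.3 | Medium | 2026-05-05 |
| CVE-2026-36356 | MeiG FORGE_SLT711 firmware remote command execution vulnerability — n/a | - | 9.8 (AI) | Critical (AI) | 2026-05-05 |
| CVE-2026-42238 | nginx-ui backup restore unauthorized remote code execution vulnerability — nginx-ui | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-05-04 |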

access:pre-auth is a common weakness category; this platform lists 19044 CVE vulnerabilities associated with it.