Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19070

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2026-32230 Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page — uptime-kumaCWE-862 5.3 Medium2026-03-12
CVE-2026-28254 Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-862 7.5AIHighAI2026-03-12
CVE-2026-28253 Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-789 7.5AIHighAI2026-03-12
CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI — cliCWE-552 6.2 Medium2026-03-12
CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php — Netartmedia Real Estate PortalCWE-89 8.2 High2026-03-12
CVE-2019-25543 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php — Netartmedia Real Estate PortalCWE-89 8.2 High2026-03-12
CVE-2019-25541 Netartmedia PHP Mall 4.1 Multiple SQL Injection — Netartmedia PHP MallCWE-89 8.2 High2026-03-12
CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection — Netartmedia PHP MallCWE-89 8.2 High2026-03-12
CVE-2019-25539 202CMS v10 beta SQL Injection via register.php — 202CMSCWE-89 8.2 High2026-03-12
CVE-2019-25538 202CMS v10 beta SQL Injection via log_user Parameter — 202CMSCWE-89 8.2 High2026-03-12
CVE-2019-25537 Netartmedia Event Portal 2.0 SQL Injection via loginaction.php — Netartmedia Event PortalCWE-89 8.2 High2026-03-12
CVE-2019-25535 Netartmedia PHP Dating Site SQL Injection via loginaction.php — Netartmedia Php Dating SiteCWE-89 8.2 High2026-03-12
CVE-2019-25536 Netartmedia PHP Real Estate Agency 4.0 SQL Injection via features parameter — Netartmedia PHP Real Estate AgencyCWE-89 8.2 High2026-03-12
CVE-2019-25534 Netartmedia PHP Car Dealer SQL Injection via features parameter — Netartmedia PHP Car DealerCWE-89 8.2 High2026-03-12
CVE-2019-25533 Netartmedia PHP Business Directory 4.2 SQL Injection via loginaction.php — Netartmedia PHP Business DirectoryCWE-89 8.2 High2026-03-12
CVE-2019-25532 Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php — Netartmedia Jobs PortalCWE-89 8.2 High2026-03-12
CVE-2019-25531 Netartmedia Deals Portal Lastest SQL Injection via loginaction.php — Netartmedia Deals PortalCWE-89 8.2 High2026-03-12
CVE-2019-25530 uHotelBooking System Lastest SQL Injection via system_page Parameter — uHotelBooking SystemCWE-89 8.2 High2026-03-12
CVE-2019-25527 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via searchdetailed — Inout EasyRooms Ultimate EditionCWE-89 8.2 High2026-03-12
CVE-2019-25528 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search — Inout EasyRooms Ultimate EditionCWE-89 8.2 High2026-03-12
CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search — Inout EasyRooms Ultimate EditionCWE-89 8.2 High2026-03-12
CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search — Inout EasyRooms Ultimate EditionCWE-89 8.2 High2026-03-12
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php — XooGalleryCWE-89 8.2 High2026-03-12
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php — XooGalleryCWE-89 8.2 High2026-03-12
CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php — XooGalleryCWE-89 8.2 High2026-03-12
CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id — XooGalleryCWE-89 8.2 High2026-03-12
CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass — Hazir Haber Sitesi ScriptiCWE-89 8.2 High2026-03-12
CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php — Hazir Haber Sitesi ScriptiCWE-89 8.2 High2026-03-12
CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php — Hazir Haber Sitesi ScriptiCWE-89 8.2 High2026-03-12
CVE-2019-25516 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via gallery.php — Hazir Haber Sitesi ScriptiCWE-89 8.2 High2026-03-12

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.