access:pre-auth — 19070 tagged CVE vulnerabilities

19070 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2019-25465 | Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal — HiIpcam (CWE-260) | 7.5 | High | 2026-03-11 |
| CVE-2018-25159 | Epross AVCON6 OGNL Remote Code Execution via login.action — AVCON6 systems management platform (CWE-1334) | 9.8 | Critical | 2026-03-11 |
| CVE-2026-31874 | Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration — Taskosaur (CWE-284) | 9.8 | Critical | 2026-03-11 |
| CVE-2026-20118 | Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability — Cisco IOS XR Software (CWE-460) | 6.8 | Medium | 2026-03-11 |
| CVE-2026-20117 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express (CWE-79) | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20116 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express (CWE-79) | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20074 | Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability — Cisco IOS XR Software (CWE-1287) | 7.4 | High | 2026-03-11 |
| CVE-2025-13929 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab (CWE-770) | 7.5 | High | 2026-03-11 |
| CVE-2025-14513 | Improper Validation of Specified Quantity in Input in GitLab — GitLab (CWE-1284) | 7.5 | High | 2026-03-11 |
| CVE-2026-1069 | Uncontrolled Recursion in GitLab — GitLab (CWE-674) | 7.5 | High | 2026-03-11 |
| CVE-2026-27897 | Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF) — Vociferous (CWE-22) | 10.0 | Critical | 2026-03-11 |
| CVE-2026-3013 | Path Traversal in Coppermine Photo Gallery — Coppermine Photo Gallery (CWE-22) | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-30903 | Zoom Workplace Security Vulnerability — Zoom Workplace (CWE-73) | 9.6 | Critical | 2026-03-11 |
| CVE-2026-32062 | OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream — openclaw (CWE-770) | 7.5 | High | 2026-03-11 |
| CVE-2026-3496 | JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter — JetBooking (CWE-89) | 7.5 | High | 2026-03-11 |
| CVE-2026-3178 | Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' — Name Directory (CWE-79) | 7.2 | High | 2026-03-11 |
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field — Checkout Field Editor (Checkout Manager) for WooCommerce (CWE-79) | 7.2 | High | 2026-03-11 |
| CVE-2026-1454 | Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting — Lead Form Builder & Contact Form (CWE-79) | 7.2 | High | 2026-03-11 |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CWE-89) | 7.5 | High | 2026-03-11 |
| CVE-2026-3903 | Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth — Modular DS: Monitor, update, and backup multiple websites (CWE-352) | 4.3 | Medium | 2026-03-11 |
| CVE-2026-3826 | WellChoose\|IFTOP - Local File Inclusion — IFTOP (CWE-98) | 9.8 | Critical | 2026-03-11 |
| CVE-2026-2626 | Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection — divi-booster | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-2631 | Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation — Datalogics Ecommerce Delivery | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-1867 | WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure — Guest posting / Frontend Posting / Front Editor | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-3222 | WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters (CWE-89) | 7.5 | High | 2026-03-11 |
| CVE-2026-2413 | Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path — Ally – Web Accessibility & Usability (CWE-89) | 7.5 | High | 2026-03-11 |
| CVE-2026-23817 | Unauthenticated Open Redirect allows URL Manipulation in Web Interface — AOS-CX | 6.5 | Medium | 2026-03-11 |
| CVE-2026-23813 | Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset — AOS-CX | 9.8 | Critical | 2026-03-11 |
| CVE-2025-12473 | RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter — RTMKit (CWE-79) | 6.1 | Medium | 2026-03-11 |
| CVE-2026-1781 | MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion — MC4WP: Mailchimp for WordPress (CWE-862) | 6.5 | Medium | 2026-03-11 |

Vulnerabilities classified as access:pre-auth represent 19070 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.