access:pre-auth — CVE vulnerabilities tagged (19273)

19273 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter — WowStore – Store Builder & Product Blocks for WooCommerce (CWE-89) | 7.5 | High | 2026-03-17 |
| CVE-2026-29522 | ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI — Test Data Management (CWE-22) | 7.5 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php — chamilo-lms (CWE-89) | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() — cms (CWE-863) | 8.8 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-27962 | Authlib JWS JWK Header Injection: Signature Verification Bypass — authlib (CWE-347) | 9.1 | Critical | 2026-03-16 |
| CVE-2026-2462 | Admin RCE via Malicious Plugin Upload on CI Test Instances — Mattermost (CWE-863) | 6.6 | Medium | 2026-03-16 |
| CVE-2026-3111 | Multiple vulnerabilities on the Educativa Campus — Campus (CWE-284) | 6.5 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-3110 | Multiple vulnerabilities on the Educativa Campus — Campus (CWE-284) | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2025-11500 | Credentials exposure in tinycontrol devices — Lan Kontroler v3.5 (CWE-261) | 8.1 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-4222 | SSCMS download PathUtils.RemoveParentPath path traversal — SSCMS (CWE-22) | 3.8 | Low | 2026-03-16 |
| CVE-2026-4211 | D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow — DNS-120 (CWE-121) | 8.8 | High | 2026-03-16 |
| CVE-2017-20224 | Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload — SDT-CS3B1 (CWE-434) | 9.8 | Critical | 2026-03-16 |
| CVE-2017-20222 | Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot — SDT-CS3B1 (CWE-306) | 7.5 | High | 2026-03-16 |
| CVE-2025-69809 | bareiron security vulnerability — n/a | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-69808 | bareiron security vulnerability — n/a | 9.1 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-50881 | ITFlow security vulnerability — n/a | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-69727 | INDEX ÉDUCATION PRONOTE security vulnerability — n/a | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2015-20120 | RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection — RealtyScript (CWE-89) | 8.2 | High | 2026-03-15 |
| CVE-2017-20220 | Serviio PRO 1.8 Unauthenticated Password Change via REST API — Serviio PRO (CWE-306) | 7.5 | High | 2026-03-15 |
| CVE-2017-20217 | Serviio PRO 1.8 REST API Information Disclosure — Serviio PRO (CWE-306) | 7.5 | High | 2026-03-15 |
| CVE-2015-20121 | RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters — RealtyScripts (CWE-89) | 8.2 | High | 2026-03-15 |
| CVE-2015-20117 | RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation — RealtyScript (CWE-352) | 5.3 | Medium | 2026-03-15 |
| CVE-2026-4183 | D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow — DIR-816 (CWE-121) | 9.8 | Critical | 2026-03-15 |
| CVE-2016-20030 | ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction — ZKTeco ZKBioSecurity (CWE-551) | 9.8 | Critical | 2026-03-15 |
| CVE-2016-20026 | ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution — ZKTeco ZKBioSecurity (CWE-798) | 9.8 | Critical | 2026-03-15 |
| CVE-2026-4180 | D-Link DIR-816 goahead redirect.asp access control — DIR-816 (CWE-284) | 7.3 | High | 2026-03-15 |
| CVE-2026-4172 | TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow — TEW-632BRP (CWE-121) | 7.2 | High | 2026-03-15 |
| CVE-2026-2233 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter — User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (CWE-862) | 5.3 | Medium | 2026-03-15 |
| CVE-2026-1947 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id — NEX-Forms – Ultimate Forms Plugin for WordPress (CWE-639) | 7.5 | High | 2026-03-15 |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure — Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor (CWE-862) | 5.3 | Medium | 2026-03-14 |

The access:pre-auth tag covers 19273 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.