access:pre-auth — CVE vulnerabilities tagged (19284)

19284 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2742 | Unauthorized session creation via reserved framework path access — vaadin | CWE-284 | 9.1 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-2724 | Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields — Unlimited Elements For Elementor | CWE-79 | 7.2 | High | 2026-03-10 |
| CVE-2026-1261 | MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting — MetForm Pro | CWE-79 | 7.2 | High | 2026-03-10 |
| CVE-2025-41712 | Incorrect Permission Assignment on power analyzer — UMG 96RM-E 24V(5222063) | CWE-732 | 6.5 | Medium | 2026-03-10 |
| CVE-2025-41711 | Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer — UMG 96RM-E 24V(5222063) | CWE-327 | 5.3 | Medium | 2026-03-10 |
| CVE-2025-41710 | Use of Hard-coded Credentials in power analyzer — UMG 96RM-E 24V(5222063) | CWE-798 | 6.5 | Medium | 2026-03-10 |
| CVE-2025-41709 | Command injection in power analyzer via Modbus-TCP and Modbus-RTU — UMG 96RM-E 24V(5222063) | CWE-78 | 9.8 | Critical | 2026-03-10 |
| CVE-2026-0953 | Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login — Tutor LMS Pro | CWE-287 | 9.8 | Critical | 2026-03-10 |
| CVE-2026-1919 | Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints — Booktics – Booking Calendar for Appointments and Service Businesses | CWE-306 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-1920 | Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation — Booktics – Booking Calendar for Appointments and Service Businesses | CWE-306 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-24317 | DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT — SAP GUI for Windows with active GuiXT | CWE-427 | 5.0 | Medium | 2026-03-10 |
| CVE-2026-0489 | DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service) — SAP Business One (Job Service) | CWE-79 | 6.1 | Medium | 2026-03-10 |
| CVE-2026-30885 | WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure — AVideo | CWE-306 | 5.3 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2026-31816 | Budibase Universal Auth Bypass via Webhook Query Param Injection — budibase | CWE-74 | 9.1 | Critical | 2026-03-09 |
| CVE-2026-3814 | UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow — HiPER 810G | CWE-120 | 8.8 | High | 2026-03-09 |
| CVE-2026-3813 | opencc JFlow WF_CCForm.java Calculate injection — JFlow | CWE-74 | 6.3 | Medium | 2026-03-09 |
| CVE-2025-41772 | wwwupdate.cgi Session token in URL — UBR-01 Mk II | CWE-598 | 7.5 | High | 2026-03-09 |
| CVE-2025-41762 | Secret leak with wwwdnload.cgi — UBR-01 Mk II | CWE-328 | 6.2 | Medium | 2026-03-09 |
| CVE-2026-3823 | Atop Technologies\|EHG2408 series switch - Stack-based Buffer Overflow — EHG2408 | CWE-121 | 8.8 | High | 2026-03-09 |
| CVE-2026-3822 | Taipower\|Taipower APP(Android) - Improper Certificate Validation — Taipower APP | CWE-295 | 6.5 | Medium | 2026-03-09 |
| CVE-2025-70973 | Sensorweb ScadaBR security vulnerability — n/a | | 8.8 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-30140 | Tenda W15E security vulnerability — n/a | | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-3725 | 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special elements used in a template engine — SmartAdmin | CWE-1336 | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3701 | H3C Magic B1 aspForm Edit_BasicSSID_5G buffer overflow — Magic B1 | CWE-120 | 8.8 | High | 2026-03-08 |
| CVE-2026-3704 | Wavlink NU516U1 Incomplete Fix CVE-2025-10959 firewall.cgi sub_405B2C command injection — NU516U1 | CWE-77 | 4.7 | Medium | 2026-03-08 |
| CVE-2026-3697 | Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow — ICG-2510 | CWE-121 | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3696 | Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection — N300RH | CWE-78 | 7.3 | High | 2026-03-08 |
| CVE-2026-3682 | welovemedia FFmate ffmpeg.go Execute argument injection — FFmate | CWE-88 | 6.3 | Medium | 2026-03-07 |
| CVE-2026-3679 | Tenda FH451 QuickIndex formQuickIndex stack-based overflow — FH451 | CWE-121 | 8.8 | High | 2026-03-07 |
| CVE-2026-30861 | WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation — WeKnora | CWE-78 | 10.0 | Critical | 2026-03-07 |

Vulnerabilities classified as access:pre-auth represent 19284 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.