Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 20447

20447 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2018-3298 Oracle Virtualization VM VirtualBox组件安全漏洞 — VM VirtualBox 8.6 -2018-10-17
CVE-2018-3299 Oracle Database Server Text组件安全漏洞 — Text 8.2 -2018-10-17
CVE-2018-3301 Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools组件安全漏洞 — PeopleSoft Enterprise PT PeopleTools 6.1 -2018-10-17
CVE-2018-3302 Oracle Fusion Middleware Outside In Technology组件安全漏洞 — Outside In Technology 7.1 -2018-10-17
CVE-2018-17532 Teltonika RUT9XX路由器操作系统命令注入漏洞 — n/a 9.8 -2018-10-15
CVE-2018-10141 Palo Alto Networks PAN-OS 跨站脚本漏洞 — Palo Alto Networks 6.1 -2018-10-12
CVE-2018-9206 Blueimp jQuery-File-Upload 安全漏洞 — Blueimp jQuery-File-Upload 9.8 -2018-10-11
CVE-2018-1745 IBM Security Key Lifecycle Manager 访问控制错误漏洞 — Security Key Lifecycle Manager 7.5 -2018-10-11
CVE-2018-13789 Descor Infocad FM 安全漏洞 — n/a 7.5 -2018-10-10
CVE-2018-17784 SugarCRM Community Edition 跨站脚本漏洞 — n/a 6.1 -2018-10-10
CVE-2018-0044 NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS — Junos OS 8.1 -2018-10-10
CVE-2018-0048 Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support. — Junos OSCWE-400 7.5 -2018-10-10
CVE-2018-0052 Junos OS: Unauthenticated remote root access possible when RSH service is enabled — Junos OS 9.8 -2018-10-10
CVE-2018-0053 vSRX Series: A local authentication vulnerability may lead to full control of a vSRX instance while the system is booting. — Junos OS 6.8 -2018-10-10
CVE-2018-0061 Junos OS: Denial of service in telnetd — Junos OS 5.3 -2018-10-10
CVE-2018-0062 Junos OS: Denial of Service in J-Web — Junos OS 7.5 -2018-10-10
CVE-2018-12152 Intel Graphics Drivers Unified Shader Compiler 缓冲区错误漏洞 — Intel Graphics Driver 7.3 -2018-10-10
CVE-2018-12161 Intel Rapid Web Server webserver组件信息泄露漏洞 — Intel RAID Web Server 3 7.5 -2018-10-10
CVE-2018-12173 Intel Server Board、Server System和Compute Module 安全漏洞 — Intel Server Boards Firmware 8.4 -2018-10-10
CVE-2018-7631 ADB Epicentro 缓冲区错误漏洞 — n/a 9.8 -2018-10-09
CVE-2018-14649 Red Hat Ceph Storage 存在命令注入漏洞 — ceph-iscsi-cliCWE-77 9.8 -2018-10-09
CVE-2018-18066 Net-SNMP 代码问题漏洞 — n/a 7.5 -2018-10-08
CVE-2018-17440 D-Link Central WiFi Manager 安全漏洞 — n/a 9.8 -2018-10-08
CVE-2018-11082 Cloud Foundry UAA MFA does not prevent brute force of MFA code — UAA Release 7.5 -2018-10-05
CVE-2018-0405 Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability — Cisco RV180W Wireless-N Multifunction VPN RouterCWE-22 7.5 -2018-10-05
CVE-2018-0404 Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability — Cisco RV180W Wireless-N Multifunction VPN RouterCWE-89 9.1 -2018-10-05
CVE-2018-0197 Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability — Cisco IOS and IOS XE SoftwareCWE-20 4.3 -2018-10-05
CVE-2018-0421 Cisco Prime Access Registrar Denial of Service Vulnerability — Cisco Prime Access RegistrarCWE-399 7.5 -2018-10-05
CVE-2018-0423 Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability — Cisco RV130W Wireless-N Multifunction VPN Router FirmwareCWE-119 9.8 -2018-10-05
CVE-2018-0425 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability — Cisco RV130W Wireless-N Multifunction VPN Router FirmwareCWE-200 9.1 -2018-10-05

Vulnerabilities classified as access:pre-auth represent 20447 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.