access:pre-auth — CVE vulnerabilities tagged (19704)

19704 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2019-25520 | Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25518 | Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25517 | Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25516 | Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via gallery.php — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25515 | Jettweb PHP Hazir Haber Sitesi Scripti V3 Authentication Bypass — Hazir Haber Sitesi Scripti | CWE-89 | 7.5 | High | 2026-03-12 |
| CVE-2019-25513 | Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection via datagetir.php — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25511 | Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25510 | Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass — Hazir Haber Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25509 | XooDigital Lastest Latest SQL Injection via results.php — XooDigital | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25508 | Jettweb Php Hazir Ilan Sitesi Scripti V2 SQL Injection via katgetir.php — Hazir Ilan Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25482 | Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection — Hazir Rent A Car Sitesi Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25488 | Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin — Rent A Car Scripti | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25481 | iScripts ReserveLogic Lastest SQL Injection via search endpoint — iScripts ReserveLogic | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2019-25479 | Inout RealEstate Lastest SQL Injection via agentlistdetails — Inout RealEstate | CWE-89 | 8.2 | High | 2026-03-12 |
| CVE-2026-4041 | Tenda i12 exeCommand vos_strcpy stack-based overflow — i12 | CWE-121 | 8.8 | High | 2026-03-12 |
| CVE-2026-2987 | Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' — Simple Ajax Chat – Add a Fast, Secure Chat Box | CWE-79 | 6.1 | Medium | 2026-03-12 |
| CVE-2026-3060 | CVE-2026-3060 — SGLang | | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2026-3059 | CVE-2026-3059 — SGLang | | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2025-15473 | Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update — Timetics | | 5.3 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action — My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | CWE-89 | 7.5 | High | 2026-03-12 |
| CVE-2026-25819 | HMS Cosy+ and HMS Ewon Flexy security vulnerability — n/a | | 7.5 | - | 2026-03-12 |
| CVE-2026-25823 | HMS Ewon Flexy and HMS Networks HMS Cosy+ security vulnerability — n/a | | 9.8 | - | 2026-03-12 |
| CVE-2026-32136 | AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass — AdGuardHome | CWE-287 | 9.8 | Critical | 2026-03-11 |
| CVE-2026-32130 | ZITADEL SCIM Authentication Bypass via URL Encoding — zitadel | CWE-288 | 7.5 | High | 2026-03-11 |
| CVE-2026-32111 | ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcp | CWE-918 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-32096 | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunk | CWE-918 | 9.3 | Critical | 2026-03-11 |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint — core | CWE-204 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint — core | CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31881 | Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window — runtipi | CWE-306 | 7.7 | High | 2026-03-11 |
| CVE-2019-25487 | SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd — RB-1732 | CWE-639 | 9.8 | Critical | 2026-03-11 |

Vulnerabilities classified as access:pre-auth represent 19704 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.