Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19065

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2015-0225 Apache Cassandra 操作系统命令注入漏洞 — n/a 9.8 -2015-04-03
CVE-2014-9043 OwnCloud user_ldap应用程序权限许可和访问控制漏洞 — n/a 9.8 -2015-02-04
CVE-2014-7807 Apache CloudStack 授权问题漏洞 — n/a 9.8 -2014-12-10
CVE-2014-0488 APT 输入验证错误漏洞 — n/a 8.8 -2014-11-03
CVE-2014-6387 MantisBT 身份验证绕过漏洞 — n/a 9.8 -2014-10-22
CVE-2014-8088 Zend Framework 身份验证绕过漏洞 — n/a 9.8 -2014-10-22
CVE-2014-8763 DokuWiki 身份验证绕过漏洞 — n/a 8.1 -2014-10-22
CVE-2014-0074 Apache Shiro‘login.jsp’ 授权问题漏洞 — n/a 8.1 -2014-10-06
CVE-2014-4668 Cherokee 授权问题漏洞 — n/a 8.1 -2014-07-02
CVE-2013-3514 OpenX 目录遍历漏洞 — n/a 7.5 -2014-05-14
CVE-2014-0778 Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor — MoviconCWE-200 5.3 -2014-04-19
CVE-2014-2744 Prosody和Lightwitch Metronome 输入验证漏洞 — n/a 5.9 -2014-04-11
CVE-2013-2945 b2evolution SQL注入漏洞 — n/a 8.8 -2014-04-02
CVE-2014-2034 Sonatype Nexus 安全漏洞 — n/a 9.8 -2014-04-01
CVE-2013-2559 Symphony CMS ‘sort’参数SQL注入漏洞 — n/a 8.8 -2014-03-27
CVE-2013-1408 WordPress Wysija Newsletters插件多个SQL注入漏洞 — n/a 9.8 -2014-03-24
CVE-2013-3727 Kasseler CMS ‘groups’参数SQL注入漏洞 — n/a 8.8 -2014-03-13
CVE-2012-6290 ImageCMS ‘q’参数SQL注入漏洞 — n/a 8.8 -2014-03-11
CVE-2014-1888 WordPress BuddyPress 跨站脚本漏洞 — n/a 5.4 -2014-02-28
CVE-2014-0626 EMC RSA BSAFE JSAFE和JSSE API 加密问题漏洞 — n/a 5.9 -2014-02-18
CVE-2013-3365 Trendnet TEW-812DRU 操作系统命令注入漏洞 — n/a 8.8 -2014-02-04
CVE-2014-1204 Tableau Server SQL注入漏洞 — n/a 7.5 -2014-01-31
CVE-2013-7106 Icinga Web Interface 缓冲区溢出漏洞 — n/a 8.8 -2014-01-14
CVE-2013-6918 Satechi Travel Router Web接口安全漏洞 — n/a 5.9 -2013-11-30
CVE-2013-3469 Cisco Mobility Services Engine 安全绕过漏洞 — n/a 5.9 -2013-09-04
CVE-2012-5952 IBM WebSphere Message Broker 授权问题漏洞 — n/a 5.3 -2013-02-20
CVE-2012-2243 Mahara 跨站脚本漏洞 — n/a 6.1 -2012-11-24
CVE-2012-2244 Mahara 权限许可和访问控制漏洞 — n/a 7.2 -2012-11-24
CVE-2012-2377 JBoss Enterprise BRMS Platform JGroups Diagnostics Service 信息泄露漏洞 — n/a 4.3 -2012-11-23
CVE-2011-4945 PolicyKit 权限许可和访问控制问题漏洞 — n/a 7.8 -2012-10-01

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.