access:pre-auth 类型相关 21169 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。
“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。
| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-41931 | Vvveb 安全漏洞 — VvvebCWE-1188 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-41934 | Vvveb 安全漏洞 — VvvebCWE-184 | 8.8 | High | 2026-05-06 |
| CVE-2026-20035 | Cisco Unity Connection Web Inbox 代码问题漏洞 — Cisco Unity ConnectionCWE-918 | 7.2 | High | 2026-05-06 |
| CVE-2026-20188 | Cisco Network Services Orchestrator和Cisco Crosswork Network Controller 资源管理错误漏洞 — Cisco Crosswork Network Change AutomationCWE-400 | - | - | 2026-05-06 |
| CVE-2026-20195 | Cisco ISE 安全漏洞 — Cisco Identity Services Engine SoftwareCWE-204 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-41286 | WatchGuard Agent 安全漏洞 — WatchGuard AgentCWE-121 | 6.5AI | MediumAI | 2026-05-06 |
| CVE-2026-41287 | WatchGuard Agent 安全漏洞 — WatchGuard AgentCWE-121 | 6.5AI | MediumAI | 2026-05-06 |
| CVE-2026-1719 | WordPress plugin Gravity Bookings Premium SQL注入漏洞 — Gravity BookingsCWE-89 | 7.5 | High | 2026-05-06 |
| CVE-2026-43975 | Apache Wicket 路径遍历漏洞 — Apache WicketCWE-22 | 9.1AI | CriticalAI | 2026-05-06 |
| CVE-2026-35255 | Oracle Cloud Native Environment Command Line Interface 代码注入漏洞 — Oracle Cloud Native Environment Command Line Interface | 6.6 | Medium | 2026-05-06 |
| CVE-2026-35254 | Oracle OCI CLI 路径遍历漏洞 — Oracle OCI CLI of Oracle Open Source Projects | 6.1 | Medium | 2026-05-06 |
| CVE-2026-7332 | WordPress plugin LatePoint 跨站脚本漏洞 — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-79 | 7.2 | High | 2026-05-06 |
| CVE-2026-6344 | WordPress plugin Fluent Forms 路径遍历漏洞 — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-22 | 4.9 | Medium | 2026-05-06 |
| CVE-2026-35253 | Oracle Macaron Tool 输入验证错误漏洞 — Oracle Macaron Tool of Oracle Open Source Projects | 4.7 | Medium | 2026-05-06 |
| CVE-2026-3208 | WordPress plugin Mercado Pago payments for WooCommerce 安全漏洞 — Mercado Pago payments for WooCommerceCWE-862 | 5.3 | Medium | 2026-05-06 |
| CVE-2026-34473 | ZTE多款产品 资源管理错误漏洞 — n/a | 7.5AI | HighAI | 2026-05-06 |
| CVE-2026-40075 | openmrs-core 路径遍历漏洞 — openmrs-coreCWE-22 | 7.5 | - | 2026-05-05 |
| CVE-2026-39852 | Quarkus 安全漏洞 — quarkusCWE-863 | 9.1 | - | 2026-05-05 |
| CVE-2026-39849 | Pi-hole 注入漏洞 — FTLCWE-93 | 8.8 | - | 2026-05-05 |
| CVE-2026-39383 | Gotenberg 代码问题漏洞 — gotenbergCWE-918 | 8.2 | - | 2026-05-05 |
| CVE-2026-35579 | CoreDNS 授权问题漏洞 — corednsCWE-287 | 7.4 | - | 2026-05-05 |
| CVE-2026-40280 | Gotenberg 代码问题漏洞 — gotenbergCWE-918 | 5.3 | - | 2026-05-05 |
| CVE-2026-40331 | Masa CMS SQL注入漏洞 — MasaCMSCWE-89 | 9.8 | - | 2026-05-05 |
| CVE-2026-40330 | Masa CMS SQL注入漏洞 — MasaCMSCWE-89 | 9.8 | - | 2026-05-05 |
| CVE-2026-40329 | Masa CMS SQL注入漏洞 — MasaCMSCWE-89 | 9.8 | - | 2026-05-05 |
| CVE-2026-32936 | CoreDNS 资源管理错误漏洞 — corednsCWE-400 | 7.5 | - | 2026-05-05 |
| CVE-2026-32934 | CoreDNS 安全漏洞 — corednsCWE-770 | 7.5 | - | 2026-05-05 |
| CVE-2026-33190 | CoreDNS 安全漏洞 — corednsCWE-303 | 7.4 | - | 2026-05-05 |
| CVE-2026-27960 | OpenCTI 授权问题漏洞 — openctiCWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-32689 | phoenix 安全漏洞 — phoenixCWE-770 | 7.5 | - | 2026-05-05 |
access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 21169 条 CVE 漏洞。