access:pre-auth — 19065 tagged CVE vulnerabilities

19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24178 | NVIDIA NVFlare Dashboard security vulnerability — FLARE SDK | CWE-639 | 9.8 | Critical | 2026-04-28 |
| CVE-2026-40969 | Spring gRPC AuthenticationException message reflected to remote client — Spring gRPC | CWE-209 | 3.7 | Low | 2026-04-28 |
| CVE-2026-27760 | OpenCATS PHP Code Injection via installer AJAX endpoint — OpenCATS | CWE-94 | 8.1 | High | 2026-04-28 |
| CVE-2026-40968 | Spring gRPC SecurityContext leaks across requests on authorization failure — Spring gRPC | CWE-653 | 4.3 | Medium | 2026-04-28 |
| CVE-2026-40552 | Remote Code Execution in mpGabinet — mpGabinet | CWE-669 | 8.0 (AI) | High (AI) | 2026-04-28 |
| CVE-2026-5944 | Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access — Cisco Intersight Device Connector for Prism Central | CWE-306 | 8.2 | High | 2026-04-28 |
| CVE-2026-3323 | VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices — VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL) | CWE-306 | 7.5 | High | 2026-04-28 |
| CVE-2026-4911 | Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter — Booking Package | CWE-472 | 5.3 | Medium | 2026-04-28 |
| CVE-2026-5306 | Check & Log Email < 2.0.13 - Unauthenticated Stored XSS — Check & Log Email | | 6.1 (AI) | Medium (AI) | 2026-04-28 |
| CVE-2025-67223 | Aranda Service Desk security vulnerability — n/a | | 7.5 (AI) | High (AI) | 2026-04-28 |
| CVE-2026-37750 | School Management System security vulnerability — n/a | | 6.1 (AI) | Medium (AI) | 2026-04-28 |
| CVE-2026-40355 | MIT Kerberos code issue vulnerability — Kerberos 5 | CWE-476 | 5.9 | Medium | 2026-04-28 |
| CVE-2026-40356 | MIT Kerberos numeric error vulnerability — Kerberos 5 | CWE-191 | 5.9 | Medium | 2026-04-28 |
| CVE-2026-7139 | Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-41462 | ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login — ProjeQtor | CWE-89 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-40514 | SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG — SmarterMail | CWE-338 | 5.9 | Medium | 2026-04-27 |
| CVE-2026-32688 | Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy — plug_cowboy | CWE-770 | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-41081 | Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure — Apache Storm Client | CWE-287 | 9.1 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-33453 | Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution — Apache Camel | CWE-915 | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-40022 | Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime — Apache Camel Platform HTTP Main | CWE-288 | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-3868 | Moxa EDR-8010 Series and Moxa EDR-G9010 Series security vulnerability — EDR-8010 Series | CWE-130 | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2025-69428 | Pro-Bit security vulnerability — n/a | | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-35902 | Mercury MIPC252W security vulnerability — n/a | | 7.5 (AI) | High (AI) | 2026-04-27 |
| CVE-2026-41473 | CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints — cyberpanel | CWE-306 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41472 | CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard — cyberpanel | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41477 | Deskflow: Local privilege escalation via unauthenticated IPC — deskflow | CWE-306 | 7.8 | High | 2026-04-24 |
| CVE-2026-41503 | BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser — bacnet-stack | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41502 | BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder — bacnet-stack | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-41475 | BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser — bacnet-stack | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints — budibase | CWE-287 | 9.1 | Critical | 2026-04-24 |

Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.