目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

access:pre-auth 标签下的 CVE 漏洞 20952

access:pre-auth 类型相关 20952 条 CVE 漏洞,含 AI 中文分析、CVSS、参考链接与 POC。

“access:pre-auth”标签标识了无需身份验证即可触发的漏洞,涵盖18971个CVE。此类漏洞之所以关键,是因为攻击者无需凭证即可直接利用,极大降低了攻击门槛并扩大了潜在受害面。典型场景包括远程代码执行、未授权数据访问及拒绝服务攻击,常见于配置错误的API接口、默认凭证服务或存在逻辑缺陷的认证前处理模块,对系统安全性构成直接且严重的威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin — filebrowserCWE-269 9.8 -2026-03-19
CVE-2026-33289 SuiterCRM has LDAP Filter Injection in Authentication Module — SuiteCRMCWE-90 8.8 High2026-03-19
CVE-2026-29105 SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture — SuiteCRMCWE-601 5.4 Medium2026-03-19
CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions — admidioCWE-352 5.7 Medium2026-03-19
CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap — OpenClawCWE-306 6.9 Medium2026-03-19
CVE-2026-32011 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing — OpenClawCWE-770 7.5 High2026-03-19
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query — openwrtCWE-121 10.0 -2026-03-19
CVE-2026-32815 SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure — siyuanCWE-287 9.1 -2026-03-19
CVE-2026-32754 FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) — freescoutCWE-79 9.3 Critical2026-03-19
CVE-2026-32194 Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing ImagesCWE-77 9.8 Critical2026-03-19
CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability — Microsoft 365 CopilotCWE-77 5.3 Medium2026-03-19
CVE-2026-26120 Microsoft Bing Tampering Vulnerability — Microsoft BingCWE-918 6.5 Medium2026-03-19
CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability — Azure DevOps: msazureCWE-522 8.6 High2026-03-19
CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability — Microsoft PurviewCWE-918 8.6 High2026-03-19
CVE-2026-32191 Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing ImagesCWE-78 9.8 Critical2026-03-19
CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability — Microsoft PurviewCWE-918 8.6 High2026-03-19
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) — certificatesCWE-287 10.0 Critical2026-03-19
CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor — ormarCWE-915 7.1 High2026-03-19
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path — wolfSSLCWE-191 7.5 -2026-03-19
CVE-2026-32867 OPEXUS eComplaint unauthenticated file upload — eComplaintCWE-639 5.4 Medium2026-03-19
CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing — Red Hat Enterprise Linux 10CWE-125 7.5 High2026-03-19
CVE-2025-71257 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass — FootPrintsCWE-306 7.3 High2026-03-19
CVE-2026-3511 Autogram 安全漏洞 — AutogramCWE-611 8.6 High2026-03-19
CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter — Appointment Booking Calendar — Simply Schedule Appointments Booking PluginCWE-89 7.5 High2026-03-19
CVE-2026-3475 Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter — Instant Popup Builder – Powerful Popup Maker for Opt-ins, Email Newsletters & Lead GenerationCWE-862 5.3 Medium2026-03-19
CVE-2026-4068 Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter — Add Custom Fields to MediaCWE-352 4.3 Medium2026-03-19
CVE-2026-1238 SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat AnalyticsCWE-79 7.2 High2026-03-19
CVE-2026-28461 OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn — OpenClawCWE-770 7.5 High2026-03-19
CVE-2026-25667 Microsoft .NET 安全漏洞 — n/a 7.5 -2026-03-19
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint — kanCWE-918 8.6 High2026-03-18

access:pre-auth 是常见的弱点类别,本平台收录该类弱点关联的 20952 条 CVE 漏洞。