89 matches found
EUVD-2025-14326
Malicious code in bioql PyPI...
EUVD-2022-4962
Malicious code in bioql PyPI...
CVE-2025-8792
LitmusChaos (Litmus) up to version 3.19.0 is affected by a vulnerability described as a client‑side enforcement of server‑side security due to an issue in an unknown function. The vulnerability can be exploited remotely, and public exploitation has been disclosed. Multiple sources corroborate the...
The vulnerability of the IBM Aspera Faspex file-sharing application, related to the implementation of security functions at the client side, allows attackers to compromise the integrity of the protected information.
The vulnerability of the IBM Aspera Faspex file-sharing application is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...
CVE-2025-36039
IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,...
PT-2025-30565 · Ibm · Ibm Smartcloud Analytics Log Analysis
Name of the Vulnerable Software and Affected Versions: IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2 Description: IBM SmartCloud Analytics - Log Analysis is susceptible to a security bypass that allows a local, authenticated attacker to manipulate data by circumventing...
PT-2025-28964 · Unknown · Docusaurus-Plugin-Content-Gists
Name of the Vulnerable Software and Affected Versions: docusaurus-plugin-content-gists versions prior to 4.0.0 Description: The Docusaurus gists plugin displays public gists of a GitHub user on a Docusaurus instance. Versions prior to 4.0.0 inadvertently include GitHub Personal Access Tokens in...
The vulnerability of the Cisco Unified Intelligence Center reporting software and the Unified Contact Center Enterprise contact center management software lies in the implementation of security functions at the client side, which allows attackers to elevate their privileges to the root level.
The vulnerability of the Cisco Unified Intelligence Center reporting software and the Unified Contact Center Enterprise contact center management software relates to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious actor to elevate their...
CVE-2025-47697
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user...
Multiple vulnerabilities in wivia 5
Overview wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-41385 Cross-site Scripting CWE-79 - CVE-2025-41406 Client-Side Enforcement of Server-Side Security CWE-602 - CVE-2025-47697 Shogo Iyota of GMO Cybersecurity by...
CVE-2025-47697
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user...
CVE-2024-49824
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation...
CVE-2023-42787
A client-side enforcement of server-side security CWE-602 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution...
CVE-2025-33137
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...
CVE-2020-11542
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...
CVE-2025-4527
A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. Th...
CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...
CVE-2024-30145
CVE-2024-30145 affects HCL Domino Volt and Domino Leap with multiple vectors enabling client-side script injection (XSS) in the authoring environment and deployed applications. Connected sources confirm XSS via web interfaces; no concrete exploit details or patch/version information are provided ...
CVE-2022-44759
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications...
CVE-2024-30114
CVE-2024-30114 concerns an XSS issue in HCL Leap caused by insufficient sanitization in the authoring environment, allowing client-side script injection. Across connected documents, the affected product is consistently HCL Leap, with its vulnerability described as an input sanitization flaw leadi...