Lucene search
+L

89 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14326

Malicious code in bioql PyPI...

6.3CVSS4.8AI score0.00446EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4962

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00935EPSS
Exploits0References5
CVE
CVE
added 2025/08/10 3:32 a.m.24 views

CVE-2025-8792

LitmusChaos (Litmus) up to version 3.19.0 is affected by a vulnerability described as a client‑side enforcement of server‑side security due to an issue in an unknown function. The vulnerability can be exploited remotely, and public exploitation has been disclosed. Multiple sources corroborate the...

5.3CVSS7AI score0.00982EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.12 views

The vulnerability of the IBM Aspera Faspex file-sharing application, related to the implementation of security functions at the client side, allows attackers to compromise the integrity of the protected information.

The vulnerability of the IBM Aspera Faspex file-sharing application is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...

6.8CVSS5.5AI score0.00257EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/07/31 12:15 a.m.2 views

CVE-2025-36039

IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,...

6.5CVSS5.8AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.15 views

PT-2025-30565 · Ibm · Ibm Smartcloud Analytics Log Analysis

Name of the Vulnerable Software and Affected Versions: IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2 Description: IBM SmartCloud Analytics - Log Analysis is susceptible to a security bypass that allows a local, authenticated attacker to manipulate data by circumventing...

5.5CVSS6AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.7 views

PT-2025-28964 · Unknown · Docusaurus-Plugin-Content-Gists

Name of the Vulnerable Software and Affected Versions: docusaurus-plugin-content-gists versions prior to 4.0.0 Description: The Docusaurus gists plugin displays public gists of a GitHub user on a Docusaurus instance. Versions prior to 4.0.0 inadvertently include GitHub Personal Access Tokens in...

10CVSS6.1AI score0.01842EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2025/06/13 12:0 a.m.8 views

The vulnerability of the Cisco Unified Intelligence Center reporting software and the Unified Contact Center Enterprise contact center management software lies in the implementation of security functions at the client side, which allows attackers to elevate their privileges to the root level.

The vulnerability of the Cisco Unified Intelligence Center reporting software and the Unified Contact Center Enterprise contact center management software relates to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious actor to elevate their...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/01 7:33 a.m.9 views

CVE-2025-47697

Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user...

7.5CVSS7.4AI score0.00273EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/05/30 6:57 a.m.5 views

Multiple vulnerabilities in wivia 5

Overview wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-41385 Cross-site Scripting CWE-79 - CVE-2025-41406 Client-Side Enforcement of Server-Side Security CWE-602 - CVE-2025-47697 Shogo Iyota of GMO Cybersecurity by...

7.5CVSS7.3AI score0.0124EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/05/30 6:36 a.m.5 views

CVE-2025-47697

Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user...

6.9CVSS6.8AI score0.00273EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.6 views

CVE-2024-49824

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:1 a.m.10 views

CVE-2023-42787

A client-side enforcement of server-side security CWE-602 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution...

6.5CVSS7.2AI score0.01372EPSS
Exploits1
OSV
OSV
added 2025/05/22 5:15 p.m.4 views

CVE-2025-33137

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.12 views

CVE-2020-11542

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

9.8CVSS7.4AI score0.00978EPSS
Exploits1References1
OSV
OSV
added 2025/05/11 3:15 a.m.7 views

CVE-2025-4527

A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. Th...

5.9CVSS4.3AI score0.00446EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/11 2:0 a.m.6 views

CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security

A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...

6.3CVSS5.1AI score0.00446EPSS
Exploits0References5
CVE
CVE
added 2025/04/30 9:15 p.m.60 views

CVE-2024-30145

CVE-2024-30145 affects HCL Domino Volt and Domino Leap with multiple vectors enabling client-side script injection (XSS) in the authoring environment and deployed applications. Connected sources confirm XSS via web interfaces; no concrete exploit details or patch/version information are provided ...

6.5CVSS6.6AI score0.0021EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/24 9:15 p.m.14 views

CVE-2022-44759

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications...

5.4CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:22 p.m.57 views

CVE-2024-30114

CVE-2024-30114 concerns an XSS issue in HCL Leap caused by insufficient sanitization in the authoring environment, allowing client-side script injection. Across connected documents, the affected product is consistently HCL Leap, with its vulnerability described as an input sanitization flaw leadi...

5.4CVSS7.2AI score0.0021EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder