CVE-2026-30522
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...
Apache Kyuubi Directory Traversal Vulnerability
Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...
CVE-2020-36923 Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...
Apache Kyuubi Security Vulnerability
Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...
CVE-2025-64119
CVE-2025-64119 : A vulnerability in the Nuvation Battery Management System allows authentication bypass, affecting BMS versions up to 2.3.9. The entry is supported by other sources (Red Hat/EUVD) with the same description. The CVSSv4 metrics indicate critical impact (base score 9.3) across confid...
CVE-2025-2139
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
CVE-2025-2139
IBM Engineering Requirements Management DOORS Next (versions 7.0.2, 7.0.3, 7.1) is affected by CVE-2025-2139 due to client-side enforcement of server-side security, allowing an authenticated network user to delete reviews from other users. The CVSSv3.1 base score is 3.5 (low impact on integrity; ...
EUVD-2023-28625
Malicious code in bioql PyPI...
Exploit for CVE-2025-60787
CVE-2025-60787 PoC - RCE - MotionEye = 0.43...
Ericsson Indoor Connect Security Vulnerability
Ericsson Indoor Connect is an indoor compact base station from Ericsson Sweden. A security vulnerability exists in Ericsson Indoor Connect version 8855, which originates from a client-side ability to bypass server-side security measures, potentially leading to unauthorized disclosure of user...
PT-2025-32466 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos. The manipulation leads to client-side enforcement of server-side security. This issue is potentially exploitable remotely. The exploit has been publicly...
IBM Operations Analytics-Log Analysis Security Vulnerability
IBM Operations Analytics-Log Analysis is a suite of semi-structured data analysis solutions from International Business Machines IBM. The product is primarily used for application log analysis and problem diagnosis, among other things. A security vulnerability exists in IBM Operations Analytics-L...
Security Bulletin: Input Validation and Client-Side Bypass Vulnerabilities in IBM Operations Analytics - Log Analysis (CVE-2024-40682, CVE-2024-41750)
Summary Vulnerabilities in IBM Operations Analytics - Log Analysis allow bypassing client-side validation checks for allowable characters, and failure to validate input from the environment. This has been addressed. Vulnerability Details CVEID:CVE-2024-40682 DESCRIPTION: IBM SmartCloud Analytics ...
CVE-2025-4527
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...
CVE-2025-2499
Client-side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions (specifically View Password, Edit Asset, and Edit Permissions) by performing specific actions. This...
Mavenir SCE Application Provisioning Portal Security Vulnerability
Mavenir SCE Application Provisioning Portal is an application provisioning portal from Mavenir USA. A security vulnerability exists in the Mavenir SCE Application Provisioning Portal PORTAL-LBS-R10240 version, which originates from a client-side access control bypass that results in unauthorized...
CVE-2024-54128 Directus has an HTML Injection in Comment
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application...
PT-2024-24771 · Unknown · Wp Ultimate Review
Name of the Vulnerable Software and Affected Versions: Wp Ultimate Review versions 2.2.5 and earlier Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability, allowing functionality bypass in Wpmet Wp Ultimate Review. Recommendations: For versions 2.2.5...
CVE-2023-4345
The Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for a low-privileged user...
PT-2023-28824 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to a client-side control bypass, which can lead to unauthorized data access for low-privileged users...