21 matches found

OSV
added 2026/05/26 2:17 p.m. · 5 views

JLSEC-2026-520

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences...

9.8 CVSS · 6.7 AI score · 0.03751 EPSS
Exploits: 1 · References: 24

Positive Technologies
added 2026/04/24 12:0 a.m. · 2 views

PT-2026-35025

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.2 AI score · 0.00346 EPSS
Exploits: 1 · References: 4

NVD
added 2026/02/24 8:27 p.m. · 6 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7 CVSS · 0.0025 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/15 12:0 a.m. · 3 views

PT-2025-51296

Name of the Vulnerable Software and Affected Versions: Member Login Script version 3.3. Description: The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...

6.9 CVSS · 6.6 AI score · 0.00309 EPSS
Exploits: 0 · References: 6

RedhatCVE
added 2025/10/13 2:21 p.m. · 3 views

CVE-2025-2139

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

3.5 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/07/31 12:0 a.m. · 2 views

IBM Aspera Faspex Code Issue Vulnerability

IBM Aspera Faspex is IBM's high-performance file transfer solution designed to transfer large files quickly and reliably. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which stems from insufficient client-side enforcement of server-side security mechanisms...

6.5 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:52 a.m. · 1 view

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/72W a...

5.4 CVSS · 6.9 AI score · 0.00508 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/01/22 12:0 a.m. · 2 views

GRAU DATA Blocky Security Vulnerability

GRAU DATA Blocky is a ransomware protection software from GRAU DATA, Germany. A security vulnerability exists in GRAU DATA Blocky versions prior to 3.1, which stems from a client-side enforcement of server-side security vulnerability in Blocky-Gui that allows an attacker to gain full access to al...

6.4 CVSS · 6.8 AI score · 0.00153 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2024/12/19 12:0 a.m. · 2 views

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python programming language allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python lies in insufficient validation of data authenticity. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks remotely...

5.9 CVSS · 6.1 AI score · 0.00586 EPSS
Exploits: 0 · References: 12 · Affected Software: 6

BDU FSTEC
added 2024/11/14 12:0 a.m. · 2 views

The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData tools used for security event monitoring and analysis, arises from the implementation of security functions at the client-side. This vulnerability allows attackers to exploit their privileges.

The vulnerability of the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData security monitoring and analysis tools, is related to the implementation of security functions at the client side. Exploiting this vulnerability allows...

7.5 CVSS · 5.4 AI score · 0.02744 EPSS
Exploits: 1 · References: 3 · Affected Software: 3

Positive Technologies
added 2024/06/23 12:0 a.m. · 4 views

PT-2024-28454 · Mendelson · Mendelson As4

Name of the Vulnerable Software and Affected Versions: MENDELSON AS4 versions prior to 2024 B376 Description: The issue arises when a trading partner provides prepared XML data, exploiting a client-side vulnerability. This allows files to be written to the computer running the client process when...

6.5 CVSS · 7.2 AI score · 0.00358 EPSS
Exploits: 0 · References: 4

ATTACKERKB
added 2024/05/14 5:17 p.m. · 3 views

CVE-2024-31491

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests...

8.8 CVSS · 5.8 AI score · 0.00834 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/10/10 5:15 p.m. · 1 view

CVE-2023-42787

A client-side enforcement of server-side security CWE-602 vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution...

6.5 CVSS · 6.7 AI score · 0.01372 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/10/10 12:0 a.m. · 4 views

PT-2023-5994 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 and before 7.2.3 Fortinet FortiAnalyzer versions 7.4.0 and before 7.2.3 Description: The issue is related to the implementation of client-side security features. It may allow a remote attacker with low...

6.8 CVSS · 7.1 AI score · 0.01372 EPSS
Exploits: 1 · References: 6

OSV
added 2023/06/30 5:15 a.m. · 1 view

CVE-2023-32612

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

7.2 CVSS · 6.8 AI score · 0.00563 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2023/05/23 2:15 a.m. · 3 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

5.4 CVSS · 7.1 AI score · 0.00508 EPSS
Exploits: 0 · References: 4

F5 Networks
added 2023/02/21 6:29 p.m. · 33 views

K14468: Client-side component flaw CVE-2013-0150

Security Advisory Description: A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine. Impact: Affected components may allow third party code execution on the affected client. There is no impact to the BIG-IP or FirePass hos...

7.2 AI score
Exploits: 0

BDU FSTEC
added 2022/02/01 12:0 a.m. · 5 views

The vulnerability in the web interface for managing applications used to manage Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) allows a malicious actor to escalate their privileges.

The vulnerability of the Web interface for managing software solutions in the Cisco Unified Contact Center Management Portal and Cisco Unified Contact Center Domain Manager is related to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious...

9.6 CVSS · 8 AI score · 0.01393 EPSS
Exploits: 0 · References: 4

BDU FSTEC
added 2021/06/23 12:0 a.m. · 2 views

The vulnerability of the client-side loading mechanism of the McAfee TechCheck performance scanning system allows a perpetrator to execute arbitrary code.

The vulnerability of the PC performance scanning system’s McAfee TechCheck lies in the loading of a non-existent dynamic library. Exploiting this vulnerability allows an attacker to execute arbitrary code...

6.6 CVSS · 7.5 AI score · 0.00335 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2019/12/27 12:0 a.m. · 1 view

D-Link DIR-601 Authentication Bypass Vulnerability

The D-Link DIR-601 B1 is a wireless router from AUO D-Link of Taiwan, China. An authentication bypass vulnerability exists in the D-Link DIR-601 B1 version 2.00NA, which originates from a program that only authenticates on the client side and fails to authenticate on the server side. An attacker...

9.8 CVSS · 7.3 AI score · 0.01805 EPSS
Exploits: 1 · References: 1