5519 matches found
CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
CVE-2026-42513
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
EUVD-2026-26196
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
Web-Client-Side-Vulnerabilities-Practical-Exploitation-and-Mitigation
No d...
CDAC e-Sushrut 安全漏洞
CDAC e-Sushrut is a system platform provided by the Indian company CDAC, which facilitates hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the leakage of sensitive information in client-side JavaScript...
PT-2026-35890
Name of the Vulnerable Software and Affected Versions e-Sushrut affected versions not specified Description Sensitive information and hardcoded AES Advanced Encryption Standard, a symmetric block cipher used for encrypting and decrypting data encryption keys are disclosed in client-side JavaScrip...
PT-2026-35881
Name of the Vulnerable Software and Affected Versions e-Sushrut affected versions not specified Description Improper authentication logic relies on client-side response parameters to determine authentication status. A remote attacker can intercept and modify the server response to bypass...
CVE-2026-40551
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40551
mpGabinet is affected by a vulnerability where client-side authentication can be bypassed. An attacker with access to any application instance connected to the backend can manipulate the application binary to authenticate as an arbitrary user, bypassing login verification. Affected versions are 2...
CVE-2026-40551 Use of Client-Side Authentication in mpGabinet
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
EUVD-2026-26045
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40551 Use of Client-Side Authentication in mpGabinet
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
SUSE-SU-2026:1640-1 Security update for freerdp2
This update for freerdp2 fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...
BinSoft mpGabinet 安全漏洞
BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2019, contained security vulnerabilities. These vulnerabilities stemmed from the execution of client-side authentication processes, which could allo...
PT-2026-35721
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
Exploit for CVE-2026-21847
CVE-2026-21847: Hardcoded AES Encryption Key in DPDC Customer...
CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
CVE-2026-31535
In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...