
5519 matches found

CVE
added 2025/12/26 1:21 p.m., 7 views

CVE-2025-14687

CVE-2025-14687 affects IBM Db2 Intelligence Center versions 1.1.0–1.1.2. The vulnerability arises from client-side enforcement of server-side security mechanisms, allowing an authenticated user to perform unauthorized actions. Red Hat and CVE records corroborate the issue and reference the IBM ad...

CVSS 6.5, AI score 6.1, EPSS 0.00178
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/12/26 1:21 p.m., 4 views

EUVD-2025-205431

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms...

CVSS 4.3, AI score 6, EPSS 0.00178
Exploits: 0, References: 2
Cvelist
added 2025/12/26 1:21 p.m., 21 views

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms...

CVSS 4.3, EPSS 0.00178
Exploits: 0, References: 1
Vulnrichment
added 2025/12/26 1:21 p.m., 6 views

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms...

CVSS 4.3, AI score 6.1, EPSS 0.00178
Exploits: 0, References: 1
Cvelist
added 2025/12/24 7:27 p.m., 28 views

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints to bypass client-side validation and access sensitive system...

CVSS 9.8, EPSS 0.00432
Exploits: 1, References: 3
Vulnrichment
added 2025/12/24 7:27 p.m., 2 views

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints to bypass client-side validation and access sensitive system...

CVSS 9.8, AI score 7.2, EPSS 0.00432
Exploits: 1, References: 3
CVE
added 2025/12/24 7:27 p.m., 12 views

CVE-2019-25235

The CVE-2019-25235 entry concerns Smartwares HOME easy 1.0.9, where an authentication bypass vulnerability allows unauthenticated attackers to access administrative web pages by disabling JavaScript. This enables navigation to multiple administrative endpoints and bypass of client-side validation...

CVSS 9.8, AI score 7.2, EPSS 0.00432
Exploits: 1, References: 3
Vulnrichment
added 2025/12/18 3:50 p.m., 6 views

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values, including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVSS 5.3, AI score 6.4, EPSS 0.00133
Exploits: 0, References: 1
EUVD
added 2025/12/18 3:46 p.m., 3 views

EUVD-2025-203939

Amazon S3 Encryption Client for .NET has a Key Commitment Issue...

CVSS 6, AI score 6.4, EPSS 0.00094
Exploits: 0, References: 5
GithubExploit
added 2025/12/18 5:54 a.m., 165 views

Exploit for Use of Client-Side Authentication in Necta Wifi_Mouse_Server

Step 1: Create a REAL Windows payload msfvenom -p windows/x6...

CVSS 9.8, AI score 9.4, EPSS 0.73475
Exploits: 5
OSV
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 3
NVD
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

CVSS 5.4, EPSS 0.00233
Exploits: 1, References: 3
CVE
added 2025/12/17 8:13 p.m., 12 views

CVE-2025-14761

The CVE-2025-14761 issue affects the AWS SDK for PHP S3 Encryption Client. When the encrypted data key (EDK) is stored in an Instruction File rather than S3 metadata, a lack of key commitment can allow a rogue EDK to decrypt the same ciphertext to different plaintext. Affected behavior is describ...

CVSS 6, AI score 6.4, EPSS 0.00176
Exploits: 0, References: 3
EUVD
added 2025/12/17 8:11 p.m., 4 views

EUVD-2025-203941

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS 6, AI score 6.2, EPSS 0.00141
Exploits: 0, References: 3
IBM Security Bulletins
added 2025/12/17 5:15 p.m., 21 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687)

Summary: Multiple vulnerabilities fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details: CVEID: CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...

CVSS 7.5, AI score 6.6, EPSS 0.01725
Exploits: 3, Affected Software: 1
CNNVD
added 2025/12/17 12:0 a.m., 4 views

Amazon S3 Encryption Client Security Vulnerability

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of key commitment, which could cause a user with write access to an S3 storage bucket to introduce a...

CVSS 6, AI score 6.4, EPSS 0.00094
Exploits: 0, References: 4
Github Security Blog
added 2025/12/16 8:43 p.m., 6 views

Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary: LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

CVSS 8.6, AI score 6.8, EPSS 0.00193
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/12/15 8:28 p.m., 18 views

CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

CVSS 6.9, EPSS 0.00309
Exploits: 0, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 3 views

PT-2025-51296

Name of the Vulnerable Software and Affected Versions: Member Login Script version 3.3. Description: The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...

CVSS 6.9, AI score 6.6, EPSS 0.00309
Exploits: 0, References: 6
CNNVD
added 2025/12/15 12:0 a.m., 3 views

Phpjabbers Member Login Script Environmental Issue Vulnerability

Phpjabbers Member Login Script is a Phpjabbers open source account management framework. An environmental issue vulnerability exists in Phpjabbers Member Login Script version 3.3, which stems from a client-side desynchronization vulnerability that could lead to manipulation of HTTP request...

CVSS 6.9, AI score 6.7, EPSS 0.00309
Exploits: 0, References: 4