CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

Client-Side Enforcement of Server-Side Security

Overview Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security in the GetSettings process. An attacker can obtain sensitive information by sending authenticated requests to the API, which returns protected fields such as authentication secrets, node...

Client-Side Enforcement of Server-Side Security

Overview Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security via the shareInfoHandler process. An attacker can gain unauthorized access to confidential shared files by querying the public API endpoint and extracting tokenized download URLs, which...

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

PT-2026-21796

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 Description Dell Wyse Management Suite versions prior to 5.5 have a Client-Side Enforcement of Server-Side Security issue. A high privileged attacker with remote access could potentially bypass ...

CVE-2026-1363

CVE-2026-1363 affects IAQS and I6 by JNC. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that lets unauthenticated remote attackers manipulate the web front-end to gain administrator privileges. CVSS metrics indicate high impact to confidentiality, integ...

CVE-2026-1363

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

CVE-2026-1363 JNC｜IAQS and I6 - Client-Side Enforcement of Server-Side Security

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

CVE-2026-1363 JNC｜IAQS and I6 - Client-Side Enforcement of Server-Side Security

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

PT-2026-4342

Name of the Vulnerable Software and Affected Versions IAQS and I6 affected versions not specified Description A security flaw exists in IAQS and I6 developed by JNC, allowing unauthenticated remote attackers to obtain administrator privileges. This is due to a client-side enforcement of server-si...

JNC IAQS and JNC I6 security vulnerabilities

JNC IAQS and JNC I6 are products of JNC, a company from Taiwan, China. JNC IAQS is an intelligent indoor air quality monitoring and management system. JNC I6 is an IoT gateway recorder. Both JNC IAQS and JNC I6 have security vulnerabilities. These vulnerabilities stem from the client-side...

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687

CVE-2025-14687 affects IBM Db2 Intelligence Center versions 1.1.0–1.1.2. The vulnerability arises from client-side enforcement of server-side security mechanisms, allowing an authenticated user to perform unauthorized actions. Red Hat and CVE records corroborate the issue and reference the IBM ad...

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...