Lucene search
K

117 matches found

CVE
CVE
added 2026/06/30 8:17 p.m.18 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53979

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can bypass security controls and perform unauthorized actions. This occurs because security checks that should be enforced on the server are instead...

6.5CVSS6AI score0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 7:46 p.m.51 views

CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

10CVSS0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 9:27 p.m.8 views

Client-Side Enforcement of Server-Side Security

Overview Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security in the GetSettings process. An attacker can obtain sensitive information by sending authenticated requests to the API, which returns protected fields such as authentication secrets, node...

7.1CVSS5.8AI score0.00295EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/09 7:48 p.m.1 views

Client-Side Enforcement of Server-Side Security

Overview Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security via the shareInfoHandler process. An attacker can gain unauthorized access to confidential shared files by querying the public API endpoint and extracting tokenized download URLs, which...

8.7CVSS5.8AI score0.00544EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/02/25 10:19 p.m.9 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS5.5AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 8:27 p.m.10 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 7:35 p.m.6 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS5.5AI score0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 7:35 p.m.4 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS5.9AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/24 7:35 p.m.24 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.11 views

PT-2026-21796

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 Description Dell Wyse Management Suite versions prior to 5.5 have a Client-Side Enforcement of Server-Side Security issue. A high privileged attacker with remote access could potentially bypass ...

2.7CVSS5.3AI score0.0025EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 8:37 a.m.5 views

CVE-2026-1363

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

9.8CVSS5.4AI score0.00538EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/23 8:37 a.m.5 views

CVE-2026-1363 JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

9.8CVSS5.5AI score0.00538EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 8:37 a.m.17 views

CVE-2026-1363

CVE-2026-1363 affects IAQS and I6 by JNC. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that lets unauthenticated remote attackers manipulate the web front-end to gain administrator privileges. CVSS metrics indicate high impact to confidentiality, integ...

9.8CVSS5.5AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 8:37 a.m.37 views

CVE-2026-1363 JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...

9.8CVSS0.00538EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.14 views

PT-2026-4342

Name of the Vulnerable Software and Affected Versions IAQS and I6 affected versions not specified Description A security flaw exists in IAQS and I6 developed by JNC, allowing unauthenticated remote attackers to obtain administrator privileges. This is due to a client-side enforcement of server-si...

9.8CVSS5.9AI score0.00538EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.8 views

JNC IAQS and JNC I6 security vulnerabilities

JNC IAQS and JNC I6 are products of JNC, a company from Taiwan, China. JNC IAQS is an intelligent indoor air quality monitoring and management system. JNC I6 is an IoT gateway recorder. Both JNC IAQS and JNC I6 have security vulnerabilities. These vulnerabilities stem from the client-side...

9.8CVSS5.9AI score0.00538EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 4:16 p.m.12 views

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2025/12/26 2:15 p.m.17 views

CVE-2025-14687

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

6.5CVSS0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/26 1:21 p.m.6 views

CVE-2025-14687 Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms...

4.3CVSS6.1AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder