CWE-602
125 CVEs classified under CWE-602.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-33025 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-33024 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-32469 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2026-30783 | Critical | 9.8 | 2026-03-05 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config m… |
| CVE-2026-23478 | Critical | 9.8 | 2026-01-13 | Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gai… |
| CVE-2025-51682 | Critical | 9.8 | 2025-12-01 | mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. A… |
| CVE-2025-10640 | Critical | 9.8 | 2025-10-21 | An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login… |
| CVE-2025-27681 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004. |
| CVE-2024-12603 | Critical | 9.8 | 2024-12-13 | A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing the application password. |
| CVE-2023-0750 | Critical | 9.8 | 2023-04-06 | Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker cou… |
| CVE-2020-24683 | Critical | 9.8 | 2020-12-22 | The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (cl… |
| CVE-2022-20658 | Critical | 9.6 | 2022-01-14 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain… |
| CVE-2022-1525 | Critical | 9.1 | 2022-09-06 | The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, w… |
| CVE-2026-25737 | High | 8.9 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists… |
| CVE-2025-61197 | High | 8.9 | 2025-10-06 | An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote att… |
| CVE-2026-54104 | High | 8.8 | 2026-06-18 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing S… |
| CVE-2026-11092 | High | 8.8 | 2026-06-04 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension t… |
| CVE-2026-42266 | High | 8.8 | 2026-05-13 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-… |
| CVE-2025-53969 | High | 8.8 | 2025-09-18 | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software… |
| CVE-2024-52008 | High | 8.8 | 2024-11-26 | Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to… |