CWE-602

125 CVEs classified under CWE-602. Browse by severity and year.

Top CVEs for CWE-602
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-33025 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-33024 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2025-32469 | Critical | 9.9 | 2025-05-13 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (Al… |
| CVE-2026-30783 | Critical | 9.8 | 2026-03-05 | A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config m… |
| CVE-2026-23478 | Critical | 9.8 | 2026-01-13 | Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gai… |
| CVE-2025-51682 | Critical | 9.8 | 2025-12-01 | mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. A… |
| CVE-2025-10640 | Critical | 9.8 | 2025-10-21 | An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login… |
| CVE-2025-27681 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004. |
| CVE-2024-12603 | Critical | 9.8 | 2024-12-13 | A logic vulnerability in the mobile application (com.transsion.applock) can lead to bypassing the application password. |
| CVE-2023-0750 | Critical | 9.8 | 2023-04-06 | Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker cou… |
| CVE-2020-24683 | Critical | 9.8 | 2020-12-22 | The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (cl… |
| CVE-2022-20658 | Critical | 9.6 | 2022-01-14 | A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain… |
| CVE-2022-1525 | Critical | 9.1 | 2022-09-06 | The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, w… |
| CVE-2026-25737 | High | 8.9 | 2026-03-09 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists… |
| CVE-2025-61197 | High | 8.9 | 2025-10-06 | An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote att… |
| CVE-2026-54104 | High | 8.8 | 2026-06-18 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing S… |
| CVE-2026-11092 | High | 8.8 | 2026-06-04 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension t… |
| CVE-2026-42266 | High | 8.8 | 2026-05-13 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-… |
| CVE-2025-53969 | High | 8.8 | 2025-09-18 | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software… |
| CVE-2024-52008 | High | 8.8 | 2024-11-26 | Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to… |