CWE-603
21 CVEs classified under CWE-603. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1363 | Critical | 9.8 | 2026-01-23 | IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrat… |
| CVE-2025-12868 | Critical | 9.8 | 2025-11-10 | New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend… |
| CVE-2017-7909 | Critical | 9.8 | 2017-05-06 | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScrip… |
| CVE-2025-61940 | High | 8.3 | 2025-12-02 | NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is res… |
| CVE-2025-62650 | High | 8.3 | 2025-10-17 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. |
| CVE-2025-24517 | High | 7.5 | 2025-03-31 | Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the… |
| CVE-2024-45785 | High | 7.5 | 2024-10-25 | MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive informatio… |
| CVE-2020-6988 | High | 7.5 | 2020-03-16 | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Softw… |
| CVE-2021-43355 | High | 7.3 | 2022-01-21 | Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the… |
| CVE-2024-52327 | Medium | 6.5 | 2025-01-23 | The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. |
| CVE-2025-62649 | Medium | 5.8 | 2025-10-17 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders. |
| CVE-2026-8830 | Medium | 4.3 | 2026-05-19 | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScri… |
| CVE-2026-42098 | | | 2026-05-19 | Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the… |
| CVE-2026-40551 | | | 2026-04-28 | mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verific… |
| CVE-2025-30042 | | | 2026-03-02 | The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certif… |
| CVE-2025-64119 | | | 2026-01-02 | A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9. |
| CVE-2024-39375 | | | 2024-06-27 | TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges. |
| CVE-2022-3218 | | | 2022-09-19 | Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can resul… |
| CVE-2022-33139 | | | 2022-06-21 | A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All ver… |
| CVE-2020-27266 | | | 2021-01-19 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A m… |