CWE-602
Medium likelihood
Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
118 vulnerabilities with CWE-602
CVE-2026-23478
CRITICAL
cal.com 3.1.6-6.0.7 - Unauthenticated Account Takeover via NextAuth JWT Callback
CVSS 9.8
CVE-2025-36410
LOW
IBM ApplinX 11.1 - Privilege Escalation
CVSS 3.1
CVE-2025-14687
MEDIUM
IBM Db2 Intelligence Center <1.1.3 - Privilege Escalation
CVSS 4.3
CVE-2025-66507
HIGH
1Panel < 2.0.14 - Unauthenticated CAPTCHA Bypass via Client-Controlled Parameter
CVSS 7.5
CVE-2025-36102
LOW
IBM Controller <11.1.1 - Auth Bypass
CVSS 2.7
CVE-2025-51682
CRITICAL
mJobtime 15.7.2 - Unauthenticated Privilege Escalation via Client-Side Authorization Bypass
CVSS 9.8
CVE-2025-7820
HIGH
SKT PayPal for WooCommerce <1.4 - Auth Bypass
CVSS 7.5
CVE-2025-10161
HIGH
Turkguven Software Technologies Inc. Perfektive <12574.2701 - Auth ...
CVSS 7.3
CVE-2025-12788
MEDIUM
Hydra Booking - Appointment Scheduling & Booking Calendar <1.1.27 -...
CVSS 5.3
CVE-2025-36093
MEDIUM
IBM Cloud Pak For Business Automation <25.0.0 - Info Disclosure
CVSS 4.8
CVE-2025-12115
HIGH
WPC Name Your Price for WooCommerce <2.1.9 - Info Disclosure
CVSS 7.5
CVE-2025-41402
MEDIUM
Command Centre Server <9.30.2482, <9.20.2819, <9.10.3672, <=9.00 - ...
CVSS 5.5
CVE-2025-10640
CRITICAL
WorkExaminer Professional - Auth Bypass
CVSS 9.8
CVE-2025-2139
LOW
IBM Engineering Requirements Management Doors Next <7.1 - Privilege...
CVSS 3.5
CVE-2025-2138
LOW
IBM Engineering Requirements Management Doors Next <7.1 - Privilege...
CVSS 3.5
CVE-2025-61197
HIGH
Orban Optimod <1.0.0.33-2.5.26 - Privilege Escalation
CVSS 8.9
CVE-2025-9495
HIGH
Viessmann Vitogate 300 < 3.0.0.0 - Unauthenticated Authentication Bypass via Client-Side UI Manipulation
CVE-2025-53969
HIGH
Cognex In-Sight Explorer & Camera Firmware 5.x-6.5.1 - Unauthenticated TCP Port 1069 Management
CVSS 8.8
CVE-2025-56694
MEDIUM
lumasoft fotoShare Cloud <2025-03-13 - Info Disclosure
CVSS 5.8
CVE-2025-6025
HIGH
Order Tip for WooCommerce 1.5.4 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2025-8792
MEDIUM
LitmusChaos Litmus < 3.19.0 - Client-Side Enforcement of Server-Side Security
CVSS 4.3
CVE-2025-54833
MEDIUM
OPEXUS FOIAXpress PAL <11.1.0 - Auth Bypass
CVSS 5.3
CVE-2025-36039
MEDIUM
IBM Aspera Faspex <5.0.12.1 - Privilege Escalation
CVSS 6.5
CVE-2025-6249
MEDIUM
Lenovo FileZ Client < 11.1.0.14 - Authentication Bypass
CVSS 6.7
CVE-2025-27367
MEDIUM
IBM OpenPages with Watson 8.3-9.0 - Auth Bypass
CVSS 5.3
Details
Vulnerabilities: 118
Exploit Likelihood: Medium