CWE-602: CWE-602

This vulnerability in Orban Optimod audio processors allows remote attackers to escalate privileges by manipulating client-side browser storage that c...

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service on TCP port 1069 that allows management operations. The vulnerability allows at...

This vulnerability allows attackers to bypass server-side security controls in Fortinet FortiSandbox by manipulating client-side HTTP requests, enabli...

This vulnerability in CyberArk products involves client-side enforcement of server-side security (CWE-602), allowing attackers to bypass intended secu...

CVE-2025-25497 is a client-side validation bypass vulnerability in Netsweeper Server that allows attackers to reassign account ownership without autho...

This vulnerability allows a local authenticated user with monitor role privileges in Dell Unisphere for PowerMax to bypass authorization controls and ...

CVE-2025-32808 is a client-side access control vulnerability in W. W. Norton InQuizitive that allows students to insert arbitrary records of their qui...

The SKT PayPal for WooCommerce WordPress plugin has a payment bypass vulnerability that allows unauthenticated attackers to complete purchases without...

The WPC Name Your Price for WooCommerce WordPress plugin allows unauthenticated attackers to purchase products at arbitrary prices even when custom pr...

The Order Tip for WooCommerce WordPress plugin has an unauthenticated input validation vulnerability that allows attackers to manipulate tip amounts. ...

CVE-2025-47697 is an authentication bypass vulnerability in wivia 5 where client-side security controls can be manipulated to bypass server-side authe...

IBM Aspera Faspex versions 5.0.0 through 5.0.12 have a client-side security enforcement vulnerability that allows authenticated users to bypass server...

This vulnerability allows authenticated remote attackers to elevate privileges to Administrator level for limited functions in Cisco Unified Intellige...

This vulnerability allows authenticated remote attackers to bypass security restrictions in Ivanti Connect Secure's Secure Application Manager. It aff...

IBM Aspera Faspex versions 5.0.0 through 5.0.12.1 have a client-side security control bypass vulnerability where authenticated users can perform unaut...

This vulnerability in IBM Cloud Pak for Business Automation allows authenticated users to bypass client-side validation in the authoring interface, po...

CVE-2025-28168 is an unrestricted file upload vulnerability in the Multiple File Upload add-on for OutSystems. Attackers can bypass client-side file v...

This vulnerability allows authenticated administrators with read-only permissions to modify restricted settings in Ivanti Connect Secure and Ivanti Po...

A privilege escalation vulnerability in SINEMA Remote Connect Server allows authenticated local users with self-management privileges to modify users ...

This CVE describes an out-of-bounds data read vulnerability in Huawei's authorization module that could allow attackers to read unauthorized memory co...

This vulnerability in lumasoft fotoShare Cloud allows unauthenticated attackers to bypass password protection on photo albums due to client-side valid...

This vulnerability allows privileged operators in Gallagher Command Centre Server to bypass expiry checks when entering competency data due to client-...

This vulnerability in IBM SmartCloud Analytics - Log Analysis allows a local authenticated attacker to bypass client-side security controls to manipul...

The Spin Wheel WordPress plugin allows unauthenticated attackers to manipulate prize selection by modifying client-side parameters. This vulnerability...

This vulnerability allows unauthenticated attackers to bypass payment requirements in the Hydra Booking WordPress plugin. Attackers can confirm bookin...

This vulnerability allows authenticated users to bypass client-side validation in IBM OpenPages with Watson, enabling them to save GRC Objects without...

This vulnerability in the Wp Ultimate Review WordPress plugin allows attackers to manipulate review scores by bypassing server-side security checks th...

This vulnerability in the Zero Spam WordPress plugin allows attackers to bypass spam protection mechanisms by exploiting client-side enforcement of se...

This vulnerability in IBM Cloud Pak for Business Automation allows attackers to perform unauthorized actions or access restricted content through man-...

This vulnerability in Axis Camera Station Pro allows authenticated users to edit or delete camera views without proper authorization due to insufficie...

IBM Db2 Intelligence Center versions 1.1.0 through 1.1.2 contain a client-side enforcement vulnerability where security mechanisms that should be enfo...

This vulnerability in LitmusChaos Litmus allows attackers to bypass server-side security controls through client-side manipulation. It affects LitmusC...

IBM ApplinX 11.1 has a client-side security enforcement vulnerability that allows authenticated users to perform unauthorized administrative actions o...

This vulnerability allows privileged users in IBM Controller/Cognos Controller to bypass server-side security validation by manipulating client-side i...