CVEs classified under CWE-602, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-42160: Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1…
CVE-2025-33025 — CVSS 9.9 (critical): A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5)…
CVE-2025-33024 — CVSS 9.9 (critical): A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5)…
CVE-2025-32469 — CVSS 9.9 (critical): A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5)…
CVE-2026-30783 — CVSS 9.8 (critical): A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API…
CVE-2026-23478 — CVSS 9.8 (critical): Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that…
CVE-2025-51682 — CVSS 9.8 (critical): mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to…
CVE-2025-10640 — CVSS 9.8 (critical): An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks…
CVE-2024-12603 — CVSS 9.8 (critical): A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.
CVE-2022-1525 — CVSS 9.1 (critical): The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of…
CVE-2025-61197 — CVSS 8.9 (high): An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26…
CVE-2026-14086 — CVSS 8.8 (high): Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a…
CVE-2026-14041 — CVSS 8.8 (high): Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation…
CVE-2026-14036 — CVSS 8.8 (high): Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege…
CVE-2026-13903 — CVSS 8.8 (high): Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege…
CVE-2026-54104 — CVSS 8.8 (high): The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA)…
CVE-2026-11092 — CVSS 8.8 (high): Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a…
CVE-2025-53969 — CVSS 8.8 (high): Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the…
CVE-2024-52008 — CVSS 8.8 (high): Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy…
CVE-2024-44106 — CVSS 8.8 (high): Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local…
CVE-2024-31491 — CVSS 8.8 (high): A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through…
CVE-2024-28029 — CVSS 8.8 (high): Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access…
CVE-2025-9495: The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls…
CVE-2026-11236 — CVSS 8.3 (high): Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the…
CVE-2025-42601: This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A…
CVE-2026-11011 — CVSS 8.1 (high): Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised…
CVE-2025-25497 — CVSS 8.1 (high): An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the…
CVE-2025-40591 — CVSS 7.7 (high): A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5)…
CVE-2025-32808 — CVSS 7.7 (high): W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because…
CVE-2026-57913 — CVSS 7.5 (high): Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts.
CVE-2026-57912 — CVSS 7.5 (high): Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about…
CVE-2025-7820 — CVSS 7.5 (high): The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due…
CVE-2025-12115 — CVSS 7.5 (high): The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and…
CVE-2025-6025 — CVSS 7.5 (high): The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and…
CVE-2025-47697 — CVSS 7.5 (high): Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass…
CVE-2024-23666 — CVSS 7.5 (high): A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and…
CVE-2014-2374 — CVSS 7.5 (high): The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings…
CVE-2014-2373 — CVSS 7.5 (high): The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings…
CVE-2022-3308 — CVSS 7.4 (high): Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform…
CVE-2026-44567 — CVSS 7.3 (high): Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not…
CVE-2026-56256 — CVSS 7.1 (high): Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API…
CVE-2025-33137 — CVSS 7.1 (high): IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…
CVE-2025-20113 — CVSS 7.1 (high): A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator…
CVE-2024-9844 — CVSS 7.1 (high): Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote…
CVE-2025-6249 — CVSS 6.7 (medium): An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions…
CVE-2026-14081 — CVSS 6.5 (medium): Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a…
CVE-2026-14033 — CVSS 6.5 (medium): Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site…
CVE-2026-14007 — CVSS 6.5 (medium): Insufficient policy enforcement in PermissionsPolicy in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation…