CVEs classified under CWE-603, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2026-1363 — CVSS 9.8 (critical): IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers…
CVE-2025-12868 — CVSS 9.8 (critical): New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to…
CVE-2024-39375 — CVSS 9.8 (critical): TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.
CVE-2022-33139 — CVSS 9.8 (critical): A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC…
CVE-2025-64119: A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through…
CVE-2020-7591 — CVSS 8.8 (high): A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated…
CVE-2026-42098: Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated…
CVE-2026-40551: mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can…
CVE-2025-61940 — CVSS 8.3 (high): NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the…
CVE-2025-62650 — CVSS 8.3 (high): The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the…
CVE-2025-30042 — CVSS 7.8 (high): The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in…
CVE-2025-24517 — CVSS 7.5 (high): Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote…
CVE-2024-45785 — CVSS 7.5 (high): MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and…
CVE-2024-28627 — CVSS 7.5 (high): An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
CVE-2024-52327 — CVSS 6.5 (medium): The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access…
CVE-2025-62649 — CVSS 5.8 (medium): The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of…
CVE-2026-8830 — CVSS 4.3 (medium): A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating…