Weaknesses of type CWE-602
121 results

CVE-2025-6025 | HIGH | Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts | EPSS 0.4%
CVE-2026-54104 | HIGH | U.S. GAO EPDS and CBCA EDS client-based privilege escalation | EPSS 0.4%
CVE-2026-23478 | CRITICAL | Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback | EPSS 0.4%
CVE-2023-20172 | MEDIUM | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities | EPSS 0.4%
CVE-2025-66507 | HIGH | 1Panel – CAPTCHA Bypass via Client-Controlled Flag | EPSS 0.4%
CVE-2025-51682 | CRITICAL | mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to adminis | EPSS 0.4%
CVE-2024-32685 | MEDIUM | WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability | EPSS 0.4%
CVE-2023-20171 | MEDIUM | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities | EPSS 0.4%
CVE-2026-30783 | MEDIUM | RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies | EPSS 0.4%
CVE-2025-43699 | MEDIUM | Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission chec | EPSS 0.4%
CVE-2023-20106 | MEDIUM | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities | EPSS 0.4%
CVE-2025-53969 | HIGH | Cognex In-Sight Explorer and In-Sight Camera Firmware Client-Side Enforcement of Server-Side Security | EPSS 0.4%
CVE-2025-56694 | MEDIUM | Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protect | EPSS 0.4%
CVE-2021-36338 | MEDIUM | Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially | EPSS 0.4%
CVE-2024-32521 | MEDIUM | WordPress Zero Spam for WordPress plugin <= 5.5.6 - Bypass Spam Protection vulnerability | EPSS 0.4%
CVE-2025-20113 | HIGH | Cisco Unified Intelligence Center Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2024-20476 | MEDIUM | Cisco Identity Services Engine Authorization Bypass Vulnerability | EPSS 0.3%
CVE-2024-32512 | MEDIUM | WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability | EPSS 0.3%
CVE-2025-42601 | HIGH | Captcha Bypass Vulnerability in Meon KYC solutions | EPSS 0.3%
CVE-2025-25497 | HIGH | An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Acc | EPSS 0.3%