CWE-603
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-603 (page 1 of 1)
- CVE-2020-27266 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-01-19
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authenti…
- CVE-2020-6988 | HIGH | CVSS 7.5 | EG 7.5 | 2020-03-16
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request fro…
- CVE-2020-7591 | HIGH | CVSS 8.8 | EG 8.8 | 2020-10-15
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on b…
- CVE-2021-43355 | HIGH | CVSS 7.3 | EG 9.8 | 2022-01-21
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users…
- CVE-2022-3218 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-09-19
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
- CVE-2022-33139 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-06-21
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-def…
- CVE-2022-38114 | MEDIUM | CVSS 6.1 | EG 6.1 | 2022-11-23
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
- CVE-2024-28627 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-23
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
- CVE-2024-39375 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-27
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.
- CVE-2024-45785 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-25
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credentials and sensitive information may be retrieved.
- CVE-2024-52327 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-23
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.
- CVE-2025-12868 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-11-10
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website.
- CVE-2025-24517 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-31
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
- CVE-2025-61940 | HIGH | CVSS 8.3 | EG 8.3 | 2025-12-02
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underl…
- CVE-2025-62649 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-10-17
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
- CVE-2025-62650 | HIGH | CVSS 8.3 | EG 8.3 | 2025-10-17
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
- CVE-2025-64119 | CRITICAL | CVSS 9.3 | EG 0.0 | 2026-01-02
A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9.
- CVE-2026-1363 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-01-23
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.
- CVE-2026-40551 | HIGH | CVSS 8.4 | EG 8.4 | 2026-04-28
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbi…
- CVE-2026-42098 | HIGH | CVSS 8.7 | EG 8.7 | 2026-05-19
Sparx Enterprise Architect software has a security feature that limits users' actions to those specified in their role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any …
- CVE-2026-8830 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-05-19
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that t…