127 matches found
ZKTeco BioTime v8.5.5 - Path Traversal
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files by supplying a crafted payload. id: CVE-2023-38950 info: name: ZKTeco BioTime v8.5.5 - Path Traversal author: iamnoooob,pdresearch severity: high description: | A pa...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
EUVD-2025-205498
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage of...
CVE-2025-15128
ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...
CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
PT-2025-53643
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime versions 9.0.3 through 9.0.4; ZKTeco BioTime version 9.5.2. Description: A security issue exists in ZKTeco BioTime related to the storage of credentials. Manipulation of the backup encryption password decrypt/export encryption...
ZKTeco BioTime Security Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...
EUVD-2022-52376
Malicious code in bioql PyPI...
EUVD-2023-42709
Malicious code in bioql PyPI...
EUVD-2023-55864
Malicious code in bioql PyPI...
EUVD-2023-42711
Malicious code in bioql PyPI...
EUVD-2024-47604
Malicious code in bioql PyPI...
EUVD-2023-42712
Malicious code in bioql PyPI...
EUVD-2022-41361
Malicious code in bioql PyPI...
EUVD-2022-41362
Malicious code in bioql PyPI...
ZKTeco BioTime < 9.0.1 (20240617.19506) Multiple Vulnerabilities
According to its self-reported version, the instance of ZKTeco BioTime running on the remote web server is prior to 9.0.1 20240617.19506. It is, therefore, affected by multiple vulnerabilities. - A path traversal vulnerability in the iclock API allows unauthenticated attackers to read arbitrary...