CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
EUVD-2022-41362
Malicious code in bioql PyPI...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4427 Ivanti Endpoint Manager Mobile EPMM Authentication Bypass Vulnerability; CVE-2025-4428 Ivanti Endpoint Manager Mobile EPMM...
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload...
PT-2023-4123 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5 Description: The issue is related to a hidden API in the ZKTeco BioTime platform, which allows unauthenticated attackers to reset the Administrator password via a crafted web request. This can be exploited by a...
Improper access control
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via the Leave, Overtime, and Manual Log functions. An authenticated employee can read local files by exploiting XSS in the PDF generator when exporting data as a PDF...
Zkteco BioTime Cross-Site Scripting Vulnerability
Zkteco BioTime is a powerful web-based time and attendance management software from the Chinese company Zkteco. A security vulnerability exists in Zkteco BioTime versions prior to 8.5.4, which originates from an employee being able to hijack administrator sessions and cookies using blind cross-si...