131 matches found

Cvelist
added 2022/11/30 12:0 a.m. · 12 views

CVE-2022-38802

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

AI score: 6 · EPSS: 0.00566
Exploits: 1 · References: 2

Vulnrichment
added 2022/11/30 12:0 a.m. · 9 views

CVE-2022-38802

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

AI score: 5.9 · EPSS: 0.00566
Exploits: 1 · References: 2

CVE
added 2022/11/30 12:0 a.m. · 65 views

CVE-2022-38801

The CVE-2022-38801 entry affects Zkteco BioTime prior to 8.5.3 Build:20200816.447, where an employee can hijack an administrator session and cookies via blind cross-site scripting. The vulnerability is caused by a cross-site scripting flaw in BioTime, enabling session takeover and cookie access. ...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00323
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/11/30 12:0 a.m. · 12 views

CVE-2022-38803

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

AI score: 6.3 · EPSS: 0.00302
Exploits: 1 · References: 2

OSV
added 2022/11/08 11:15 p.m. · 2 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00221
Exploits: 1 · References: 2

NVD
added 2022/11/08 11:15 p.m. · 12 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

CVSS: 5.3 · EPSS: 0.00221
Exploits: 1 · References: 2

Prion
added 2022/11/08 11:15 p.m. · 23 views

Authentication flaw

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

CVSS: 5 · AI score: 5.4 · EPSS: 0.00221
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/11/08 12:0 a.m. · 6 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

AI score: 5.4 · EPSS: 0.00221
Exploits: 1 · References: 2

Positive Technologies
added 2022/11/08 12:0 a.m. · 3 views

PT-2022-20152 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.4 Description: The issue is related to missing authentication on folders containing employee photos. This allows an attacker to view the photos through filename enumeration. Recommendations: For ZKTeco BioTime versi...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00221
Exploits: 1 · References: 5

CVE
added 2022/11/08 12:0 a.m. · 62 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is affected by an authentication bypass issue where folders containing employee photos are not required to authenticate, enabling an attacker to view photos via filename enumeration. This vulnerability is corroborated by multiple sources in the connected set (including NVD an...

CVSS: 5.3 · AI score: 5.4 · EPSS: 0.00221
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/11/08 12:0 a.m. · 14 views

CVE-2022-30515

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...

AI score: 5.7 · EPSS: 0.00221
Exploits: 1 · References: 2