CVE-2026-9508

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

PT-2026-44832

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

CVE-2023-33365

A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...

Suprema BioStar 2 Operating System Command Injection Vulnerability

Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 versions prior to V2.9.1, which stems from a vulnerability that allows an authenticated user to execute arbitrary operating system commands on the BioSt...

CVE-2023-31923

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...

Suprema BioStar 2 SQL注入漏洞

Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 version v2.8.16. An attacker can exploit the vulnerability to perform SQL injection via the values parameter at /users/absence?searchmonth=1...