
32 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-47170

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 4.8 · EPSS 0.00166
Exploits: 1 · References: 3
RedhatCVE
added 2025/05/23 9:23 a.m. · 3 views

CVE-2024-6344

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...

CVSS 5.1 · AI score 6.5 · EPSS 0.00093
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 9:18 a.m. · 2 views

CVE-2024-6005

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...

CVSS 5.1 · AI score 3.7 · EPSS 0.00166
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/15 12:10 a.m. · 15 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

CVSS 9.8 · AI score 7.8 · EPSS 0.00856
Exploits: 1 · References: 1
NVD
added 2025/05/13 7:15 p.m. · 13 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

CVSS 9.8 · EPSS 0.00856
Exploits: 1 · References: 1
CVE
added 2025/05/13 12:0 a.m. · 73 views

CVE-2025-45746

The CVE-2025-45746 issue affects ZKT ZKBio CVSecurity 6.4.1_R, where an unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. This is caused by the hardcoded secret in the JWT authentication flow, enabling access to the service console. Ex...

CVSS 9.8 · AI score 7.1 · EPSS 0.00856
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/05/13 12:0 a.m. · 6 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

CVSS 6.5 · AI score 7.9 · EPSS 0.00856
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-21029 · Zkt · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...

CVSS 9.8 · AI score 6.5 · EPSS 0.00856
Exploits: 1 · References: 4
CNNVD
added 2025/05/13 12:0 a.m. · 1 views

ZKTeco ZKBio CVSecurity Trust Management Issue Vulnerability

ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A trust management issue vulnerability exists in ZKTeco ZKBio CVSecurity version 6.4.1R, which stems from a hard-coded key that could lead to unverified JWT token authentication...

CVSS 9.8 · AI score 6.6 · EPSS 0.00856
Exploits: 1 · References: 3
Cvelist
added 2025/05/13 12:0 a.m. · 12 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

CVSS 6.5 · EPSS 0.00856
Exploits: 1 · References: 1
NVD
added 2024/07/09 5:15 p.m. · 13 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

CVSS 9.8 · EPSS 0.00322
Exploits: 2 · References: 2
CVE
added 2024/07/09 12:0 a.m. · 42 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...

CVSS 9.8 · AI score 7.4 · EPSS 0.00322
Exploits: 2 · References: 2 · Affected Software: 1
CNNVD
added 2024/07/09 12:0 a.m. · 1 views

ZKTeco ZKBio CVSecurity Security Breach

ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBio CVSecurity version v6.1.1, which stems from the presence of hard-coded encryption keys...

CVSS 9.8 · AI score 6.8 · EPSS 0.00322
Exploits: 2 · References: 3
Positive Technologies
added 2024/07/09 12:0 a.m. · 1 views

PT-2024-27047 · Zkteco · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...

CVSS 9.8 · AI score 6.1 · EPSS 0.00322
Exploits: 2 · References: 5
OSV
added 2024/06/26 11:15 a.m. · 0 views

CVE-2024-6344

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...

CVSS 4.8 · AI score 3.8
Exploits: 0 · References: 4
CVE
added 2024/06/26 10:31 a.m. · 51 views

CVE-2024-6344

The CVE-2024-6344 issue affects ZKTeco ZKBio CVSecurity V5000, version 4.1.0, in the Push Configuration Section where modifying the Configuration Name enables cross-site scripting. Attacks are described as remotely initiable. Remediation per sources is to upgrade to ZKBio CVSecurity V6600 6.1.3_R...

CVSS 5.1 · AI score 3.3 · EPSS 0.00093
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/06/26 12:0 a.m. · 1 views

ZKTeco ZKBio CVSecurity V5000 Code Injection Vulnerability

ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBio CVSecurity V5000 version 4.1.0, which stems from the fact that manipulation of the parameter Configuration Name can lead to cross-site scripting...

CVSS 5.1 · AI score 6.7 · EPSS 0.00093
Exploits: 0 · References: 5
Positive Technologies
added 2024/06/26 12:0 a.m. · 3 views

PT-2024-37554 · Zkteco · Zkbio Cvsecurity V5000

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity V5000 version 4.1.0 Description: A problematic issue was found in the Push Configuration Section component. The manipulation of the Configuration Name argument leads to cross-site scripting. It is possible to initiate...

CVSS 5.1 · AI score 3.4 · EPSS 0.00093
Exploits: 0 · References: 9
Cvelist
added 2024/06/15 11:31 a.m. · 22 views

CVE-2024-6006 ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launch...

CVSS 5.1 · EPSS 0.00166
Exploits: 1 · References: 3
OSV
added 2024/06/15 10:15 a.m. · 2 views

CVE-2024-6005

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...

CVSS 5.1 · AI score 3.7
Exploits: 0 · References: 3