Lucene search
+L

110 matches found

Cvelist
Cvelist
added 2025/05/13 12:0 a.m.29 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

6.5CVSS0.003EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-21029 · Zkt · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...

9.8CVSS6.5AI score0.003EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/13 11:44 p.m.12 views

CVE-2024-35428

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS...

7.1CVSS6.5AI score0.00788EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:35 p.m.12 views

CVE-2024-35433

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...

8.1CVSS6.6AI score0.00461EPSS
Exploits1References3
NVD
NVD
added 2024/11/10 6:15 a.m.21 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3CVSS0.00423EPSS
Exploits0References4
OSV
OSV
added 2024/11/10 6:15 a.m.9 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

3.7CVSS4.3AI score0.00423EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/10 5:31 a.m.22 views

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3CVSS6.7AI score0.00423EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/10 5:31 a.m.24 views

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3CVSS0.00423EPSS
Exploits0References4
CVE
CVE
added 2024/11/10 5:31 a.m.62 views

CVE-2024-11049

CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...

6.3CVSS4.1AI score0.00423EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/11/10 12:0 a.m.5 views

ZKTeco ZKBio Time 安全漏洞

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...

6.3CVSS4.8AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.12 views

PT-2024-16723 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...

6.3CVSS4.4AI score0.00423EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

ZKTeco ZKBio WDMS 安全漏洞

ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.5.1.3, which stems from a cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary code and gain access to sensitive information via...

5.4CVSS6.9AI score0.00458EPSS
Exploits1References2
NVD
NVD
added 2024/07/09 5:15 p.m.15 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

9.8CVSS0.00877EPSS
Exploits2References2
OSV
OSV
added 2024/07/09 5:15 p.m.3 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

9.8CVSS5.8AI score0.00877EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/07/09 12:0 a.m.15 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

7.3AI score0.00877EPSS
Exploits2References2
CVE
CVE
added 2024/07/09 12:0 a.m.53 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...

9.8CVSS7.4AI score0.00877EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.3 views

ZKTeco ZKBio CVSecurity Security Breach

ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBio CVSecurity version v6.1.1, which stems from the presence of hard-coded encryption keys...

9.8CVSS6.8AI score0.00877EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/07/09 12:0 a.m.21 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

0.00877EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.7 views

PT-2024-27047 · Zkteco · Zkbio Cvsecurity

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...

9.8CVSS6.1AI score0.00877EPSS
Exploits2References5
OSV
OSV
added 2024/06/26 11:15 a.m.7 views

CVE-2024-6344

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...

4.8CVSS3.8AI score0.00375EPSS
Exploits0References4
Rows per page
Query Builder