110 matches found
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
PT-2025-21029 · Zkt · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...
CVE-2024-35428
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS...
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-11049
CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...
ZKTeco ZKBio Time 安全漏洞
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...
PT-2024-16723 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...
ZKTeco ZKBio WDMS 安全漏洞
ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.5.1.3, which stems from a cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary code and gain access to sensitive information via...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...
ZKTeco ZKBio CVSecurity Security Breach
ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBio CVSecurity version v6.1.1, which stems from the presence of hard-coded encryption keys...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
PT-2024-27047 · Zkteco · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity version 6.1.1 Description: A hardcoded cryptographic key was discovered in the software. Recommendations: For ZKTeco ZKBio CVSecurity version 6.1.1, consider updating to a newer version that does not contain the...
CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...