Lucene search
K

32 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-17440

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00433EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/23 12:0 a.m.4 views

ZKTeco ZKBio Time Detection

Binary data zktecozkbiotimedetect.nbin...

7.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.27 views

CVE-2024-22988

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...

9.8CVSS9.4AI score0.00815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.9 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3CVSS4.2AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:44 p.m.12 views

CVE-2024-35428

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS...

7.1CVSS6.5AI score0.00788EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/13 11:35 p.m.12 views

CVE-2024-35433

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...

8.1CVSS6.6AI score0.00461EPSS
Exploits1References3
OSV
OSV
added 2024/11/10 6:15 a.m.8 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

3.7CVSS4.3AI score0.00423EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/10 5:31 a.m.21 views

CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

6.3CVSS0.00423EPSS
Exploits0References4
CVE
CVE
added 2024/11/10 5:31 a.m.61 views

CVE-2024-11049

CVE-2024-11049 affects ZKTeco ZKBio Time 9.0.1, specifically the Image File Handler component and an unknown function of the file path /auth_files/photo/. The issue allows remote-triggered manipulation of a direct request, with attack complexity rated as HIGH and no required privileges, but no us...

6.3CVSS4.1AI score0.00423EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/11/10 12:0 a.m.4 views

ZKTeco ZKBio Time 安全漏洞

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time version 9.0.1, which originates from the component Image File Handler where the file /authfiles/photo/ can lead to a direct request...

6.3CVSS4.8AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.10 views

PT-2024-16723 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...

6.3CVSS4.4AI score0.00423EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.3 views

ZKTeco ZKBio WDMS 安全漏洞

ZKTeco ZKBio WDMS is a web-based data system from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio WDMS version v.5.1.3, which stems from a cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary code and gain access to sensitive information via...

5.4CVSS6.9AI score0.00458EPSS
Exploits1References2
NVD
NVD
added 2024/07/09 5:15 p.m.15 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

9.8CVSS0.00877EPSS
Exploits2References2
CVE
CVE
added 2024/07/09 12:0 a.m.53 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...

9.8CVSS7.4AI score0.00877EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/07/09 12:0 a.m.17 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

0.00877EPSS
Exploits2References2
CVE
CVE
added 2024/06/26 10:31 a.m.57 views

CVE-2024-6344

The CVE-2024-6344 issue affects ZKTeco ZKBio CVSecurity V5000, version 4.1.0, in the Push Configuration Section where modifying the Configuration Name enables cross-site scripting. Attacks are described as remotely initiable. Remediation per sources is to upgrade to ZKBio CVSecurity V6600 6.1.3_R...

5.1CVSS3.3AI score0.00375EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/30 5:15 p.m.21 views

CVE-2024-35429

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord...

6.5CVSS6.5AI score0.00947EPSS
Exploits1References1
OSV
OSV
added 2024/05/30 5:15 p.m.5 views

CVE-2024-35431

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1...

7.5CVSS5.7AI score0.01EPSS
Exploits1References1
OSV
OSV
added 2024/05/30 5:15 p.m.4 views

CVE-2024-35429

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord...

6.5CVSS5.8AI score0.00947EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/30 5:10 p.m.12 views

CVE-2024-35433

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user...

8AI score0.00461EPSS
Exploits1References1
Rows per page
Query Builder