Lucene search
K

30 matches found

EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2016-10815

ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...

9.8CVSS5.8AI score0.00563EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2016-10807

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

9.8CVSS6.1AI score0.0078EPSS
Exploits1References7
NVD
NVD
added 2026/03/16 2:17 p.m.5 views

CVE-2016-20030

ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...

9.8CVSS0.00563EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

ZKTeco ZKBioSecurity 安全漏洞

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...

6.9CVSS5.9AI score0.00206EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

ZKTeco ZKBioSecurity 跨站请求伪造漏洞

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to trick users into accessing...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References6
CVE
CVE
added 2026/03/15 1:35 p.m.8 views

CVE-2016-20030

CVE-2016-20030 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a user enumeration flaw in the authLoginAction!login.do endpoint that allows unauthenticated attackers to determine valid usernames by submitting partial usernames. Attack responses reveal username validity, enabling attackers ...

9.8CVSS5.8AI score0.00563EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.4 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

5.8AI score0.00206EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 1:35 p.m.2 views

CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/15 1:35 p.m.23 views

CVE-2016-20028 ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...

5.3CVSS0.00207EPSS
Exploits1References6
CVE
CVE
added 2026/03/15 1:35 p.m.7 views

CVE-2016-20028

CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attacks can craft HTTP requests that add superadmin accounts without validity checks, po...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.2 views

CVE-2016-20027

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...

5.9AI score0.00248EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/15 1:35 p.m.25 views

CVE-2016-20026 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

9.8CVSS0.0078EPSS
Exploits1References6
CVE
CVE
added 2026/03/15 1:35 p.m.21 views

CVE-2016-20026

CVE-2016-20026 affects ZKTeco ZKBioSecurity 3.0. The vulnerability stems from hardcoded credentials in the bundled Apache Tomcat server (tomcat-users.xml), which allow unauthenticated access to the manager application and enable uploading malicious WAR archives that execute arbitrary JSP code wit...

9.8CVSS6.1AI score0.0078EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.5 views

PT-2026-25726

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains a cross-site request forgery issue that allows attackers to perform administrative actions by deceiving authenticated users into visiting malicious websites. Specifically,...

5.3CVSS5.3AI score0.00207EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.10 views

PT-2026-25727

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains a file path manipulation issue that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameter...

6.9CVSS5.5AI score0.00206EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-39337

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01341EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:8 p.m.8 views

CVE-2022-36634

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...

8.8CVSS6.7AI score0.01341EPSS
Exploits3References1
CNNVD
CNNVD
added 2024/06/15 12:0 a.m.5 views

ZKTeco ZKBioSecurity Code Injection Vulnerability

ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Schedule Name that can lead to cross-site scripting...

5.1CVSS6.8AI score0.00428EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/15 12:0 a.m.3 views

ZKTeco ZKBioSecurity Code Injection Vulnerability

ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Department Name that can lead to cross-site scripting...

5.1CVSS6.8AI score0.00428EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.2 views

ZKTeco ZKBioSecurity Security Vulnerabilities

ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1 that originates from a vulnerability that allows an authenticated user to bypass password checks while exporting data from the application...

8.1CVSS6.7AI score0.00593EPSS
Exploits1References4
Rows per page
Query Builder