95 matches found
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
EUVD-2025-205498
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage of...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128
ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...
CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
ZKTeco BioTime 安全漏洞
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...
EUVD-2023-42709
Malicious code in bioql PyPI...
EUVD-2022-52376
Malicious code in bioql PyPI...
EUVD-2023-55864
Malicious code in bioql PyPI...
EUVD-2023-42711
Malicious code in bioql PyPI...
EUVD-2024-47604
Malicious code in bioql PyPI...
EUVD-2022-41362
Malicious code in bioql PyPI...
EUVD-2022-41361
Malicious code in bioql PyPI...
EUVD-2023-42712
Malicious code in bioql PyPI...
ZKTeco BioTime < 9.0.1 (20240617.19506) Multiple Vulnerebilities
According to its self-reported version, the instance of ZKTeco BioTime running on the remote web server is prior to 9.0.1 20240617.19506. It is, therefore, affected by multiple vulnerabilities. - A path traversal vulnerability in the iclock API allows unauthenticated attackers to read arbitrary...
ZKTeco BioTime multiple vulnerabilities
RISK EVALUATION ZKTeco BioTime is a web-based time and attendance management software. A default password vulnerability was found that allows an attacker to log in to any user account that does not change their password. Attackers utilizing this obtain user credentials and can possibly perform...
CVE-2024-13966
ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords located under the Attendance Settings tab as "Self-Password"...