59 matches found
EUVD-2024-35332
Malicious code in bioql PyPI...
EUVD-2024-47170
Malicious code in bioql PyPI...
EUVD-2024-35331
Malicious code in bioql PyPI...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6005
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
CVE-2025-45746
The CVE-2025-45746 issue affects ZKT ZKBio CVSecurity 6.4.1_R, where an unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. This is caused by the hardcoded secret in the JWT authentication flow, enabling access to the service console. Ex...
PT-2025-21029 · Zkt · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...
ZKTeco ZKBio CVSecurity Trust Management Issue Vulnerability
ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A trust management issue vulnerability exists in ZKTeco ZKBio CVSecurity version 6.4.1R, which stems from a hard-coded key that could lead to unverified JWT token authentication...
CVE-2024-35432
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger a Cross Site Scripting...
Exploit for Use of Hard-coded Password in Zkteco Zkbio_Cvsecurity
ZKT-Eco-Bio-CVSecurity This rep...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 is affected by a hardcoded cryptographic key (CVE-2024-36526). The Red Hat advisory and CNNVD entries corroborate the same issue. The vulnerability stems from a hardcoded key in CVSecurity 6.1.1, enabling high-severity impact per CVSS 3.1 (Critical, with high confid...
ZKTeco ZKBio CVSecurity Security Breach
ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBio CVSecurity version v6.1.1, which stems from the presence of hard-coded encryption keys...