108 matches found
EUVD-2024-17440
Malicious code in bioql PyPI...
EUVD-2024-20513
Malicious code in bioql PyPI...
EUVD-2022-47163
Malicious code in bioql PyPI...
EUVD-2024-33619
Malicious code in bioql PyPI...
EUVD-2024-47170
Malicious code in bioql PyPI...
ZKTeco ZKBio Time Detection
Binary data zktecozkbiotimedetect.nbin...
CVE-2024-36526
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...
CVE-2024-22988
ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...
CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6005
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...
CVE-2024-1706
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2024-11049
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module...
CVE-2022-44213
ZKTeco Xiamen Information Technology ZKBio ECO ADMS =3.1-164 is vulnerable to Cross Site Scripting XSS...
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
CVE-2025-45746
The CVE-2025-45746 issue affects ZKT ZKBio CVSecurity 6.4.1_R, where an unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. This is caused by the hardcoded secret in the JWT authentication flow, enabling access to the service console. Ex...
CVE-2025-45746
In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...
PT-2025-21029 · Zkt · Zkbio Cvsecurity
Name of the Vulnerable Software and Affected Versions: ZKT ZKBio CVSecurity version 6.4.1 R Description: An unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. Recommendations: For ZKT ZKBio CVSecurity version 6.4.1 R, update the softwar...