ZKTeco ZKBioSecurity Trust Management Vulnerability
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a vulnerability related to trust management. This vulnerability stems from local authorization bypassing, which may allow attackers to authenticate withou...
CVE-2016-20031 ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...
CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to...
CVE-2016-20029
CVE-2016-20029 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a file path manipulation flaw that lets an attacker access arbitrary local files by tampering with paths used to retrieve local resources. Attackers can bypass access controls to read sensitive information, including configurat...
CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities
ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...
EUVD-2022-39338
Malicious code in bioql PyPI...
CVE-2022-36635
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do...
ZKTeco ZKBioSecurity SQL Injection Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from ZKTeco China. A SQL injection vulnerability exists in ZKteco ZKBioSecurity V5000 version 4.1.3, which stems from a lack of validation of external input SQL statements in component/baseOpLog.do. An attacker could exploit the vulnerability...
ZKTeco ZKBioSecurity Access Control Error Vulnerability
ZKTeco ZKBioSecurity is a web-based all-in-one platform from ZKTeco China. An access control error vulnerability exists in ZKTeco ZKBioSecurity V5000 version 3.0.5r. The vulnerability stems from the presence of improper access control in the application, which can be exploited by an attacker to...
CVE-2022-36634
CVE-2022-36634 affects ZKTeco ZKBioSecurity V5000, specifically version 3.0.5_r, where an access control flaw allows an attacker to arbitrarily create administrator users via a crafted HTTP request. The vulnerability is described as improper access control in the web-based ZKBioSecurity platform,...
CVE-2022-36635
CVE-2022-36635 affects ZKTeco ZKBioSecurity V5000 (version 4.1.3) with a SQL injection in the /baseOpLog.do component. The root cause is a lack of input validation for external SQL statements, enabling attackers to obtain sensitive DB information. The CVSSv3.1 metrics indicate Network access, Low...
PT-2022-23518 · Zkteco · Zkbio Cvsecurity V5000
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBioSecurity V5000 version 3.0.5 r Description: An access control issue allows attackers to arbitrarily create admin users via a crafted HTTP request. Recommendations: For ZKTeco ZKBioSecurity V5000 version 3.0.5 r, consider restricti...
ZKSecurity BIO 4.1.2 SQL Injection / Code Execution Vulnerabilities
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurityV50004.1.2 Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection with a plus: RCE CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton...
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
ZKTeco ZKBioSecurity Detection (HTTP)
HTTP-based detection of ZKTeco ZKBioSecurity. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
ZKTeco ZKBioSecurity 3.0 Hardcoded Certificate Remote System Command Execution Vulnerability
ZKBioSecurity is a comprehensive management platform for biometric security. The ZKTeco ZKBioSecurity 3.0 hard-coded credentials remote system command execution vulnerability arises because after credential validation, the application bundles a pre-configured Apache Tomcat server and user login...
ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Vulnerability
ZKBioSecurity 3.0 is a smart security management platform. ZKTeco ZKBioSecurity 3.0 cross-site request forgery vulnerability can be exploited by an attacker to perform certain actions with administrator privileges...