A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2...
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.001
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at...
CVSS: 6.5 | AI Score: 6.7 | EPSS: 0.005
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.552
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile...
CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.001