Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zkteco vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36634
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows malicious users to arbitrarily create admin users via a crafted HTTP request.
Zkteco Zkbiosecurity V5000 3.0.5.0 R
NA
CVE-2022-36635
ZKteco ZKBioSecurity V5000 4.1.3 exists to contain a SQL injection vulnerability via the component /baseOpLog.do.
Zkteco Zkbiosecurity V5000 4.1.3
605
VMScore
CVE-2017-13129
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit
NA
CVE-2022-44213
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).
Zkteco Automatic Data Master Server
NA
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 up to and including 16.0.1 allows a remote malicious user to execute arbitrary code and to gain privileges via the db paramet...
Camsbiometrics Zkteco\\, Essl\\, Cams Biometrics Integration Module
Odoo Biometric Attendance
NA
CVE-2023-51142
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote malicious user to obtain sensitive information.
NA
CVE-2024-22988
An issue in zkteco zkbio WDMS v.8.0.5 allows an malicious user to execute arbitrary code via the /files/backup/ component.
NA
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 exists to contain a CSV injection vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message modul...
Zktec Zkbio Time 8.0.7
NA
CVE-2024-1706
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input <marquee>hi leads to cross site scr...
NA
CVE-2024-2318
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../.....
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3