Vulmon
zkteco vulnerabilities and exploits
NA
CVE-2023-3942
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows a malicious user to, in some cases, impersonate another user or perform unauthorized actions. In oth...
1 Article
NA
CVE-2024-35429
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
NA
CVE-2023-51142
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote malicious user to obtain sensitive information.
NA
CVE-2024-35430
In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application.
NA
CVE-2024-22988
An issue in ZKTeco ZKBio WDMS v.8.0.5 allows a malicious user to execute arbitrary code via the /files/backup/ component.
NA
CVE-2024-35431
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server.
NA
CVE-2024-35433
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
NA
CVE-2024-35428
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.
NA
CVE-2024-35432
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger Cross Site Scripting.
NA
CVE-2022-40472
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 contains a CSV injection vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message modul...
Zktec Zkbio Time 8.0.7