Vulmon
zkteco vulnerabilities and exploits
NA
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to arbitrarily reset the Administrator password via a crafted web request.
Zkteco Biotime 8.5.5
NA
CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read arbitrary files via supplying a crafted payload.
Zkteco Biotime 8.5.5
NA
CVE-2023-38952
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
Zkteco Biotime 8.5.5
NA
CVE-2022-36635
ZKTeco ZKBioSecurity V5000 4.1.3 contains a SQL injection vulnerability via the component /baseOpLog.do.
Zkteco Zkbiosecurity V5000 4.1.3
NA
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 contains a SQL injection vulnerability.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to obtain sensitive information about all managed devices, including their IP addresses and device names.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to read arbitrary files via supplying a crafted payload.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2022-36634
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows malicious users to arbitrarily create admin users via a crafted HTTP request.
Zkteco Zkbiosecurity V5000 3.0.5.0 R
5 CVSSv2
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit