Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6005 | 1 Zkteco | 2 Zkbio Cvsecurity V5000, Zkbiosecurity V5000 | 2025-07-17 | 3.5 Low |
| A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-35430 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-07-09 | 8.1 High |
| In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application. | ||||
| CVE-2024-35432 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 6.1 Medium |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting. | ||||
| CVE-2024-35431 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 7.5 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1. | ||||
| CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 8.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. | ||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 9.8 Critical |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | ||||
| CVE-2025-45746 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-05-21 | 6.5 Medium |
| In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform. | ||||
| CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-03-13 | 7.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. | ||||
| CVE-2024-35429 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 6.5 Medium |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | ||||
Page 1 of 1.