Filtered by vendor Zkteco
Filtered by product Zkbio Cvsecurity
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 8.1 High | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. |
CVE-2024-35432 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 6.1 Medium | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger Cross Site Scripting. |
CVE-2024-35431 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 7.5 High | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. |
CVE-2024-35430 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 8.1 High | In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application. |
CVE-2024-35429 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 6.5 Medium | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. |
CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 7.1 High | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. |
CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2024-11-21 | 9.8 Critical | ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. |