Vulnerabilities > Zkteco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2023-51157 | Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3 Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | 5.4 |
| 2024-07-05 | CVE-2024-6523 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3/8.5.4/8.5.5 A vulnerability was found in ZKTeco BioTime up to 9.5.2. | 5.4 |
| 2024-05-30 | CVE-2024-35428 | Path Traversal vulnerability in Zkteco Zkbio Cvsecurity 6.1.1 ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. | 7.1 |
| 2024-05-30 | CVE-2024-35429 | Path Traversal vulnerability in Zkteco Zkbio Cvsecurity 6.1.1 ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. | 6.5 |
| 2023-09-04 | CVE-2023-4587 | Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60 An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. | 5.5 |
| 2023-08-03 | CVE-2023-38949 | Unspecified vulnerability in Zkteco Biotime 8.5.5 An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | 7.5 |
| 2023-08-03 | CVE-2023-38950 | Path Traversal vulnerability in Zkteco Biotime 8.5.5 A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 7.5 |
| 2023-08-03 | CVE-2023-38951 | Path Traversal vulnerability in Zkteco Biotime 8.5.5 A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | 9.8 |
| 2023-08-03 | CVE-2023-38952 | Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5 Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | 7.5 |
| 2023-08-03 | CVE-2023-38954 | SQL Injection vulnerability in Zkteco Bioaccess IVS 3.3.1 ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | 9.8 |