Zkteco Zkbio_cvsecurity

8 CVEs affecting Zkteco Zkbio_cvsecurity. Latest disclosed: 2025-05-13. Critical: 1, High: 4.

Top CVEs affecting Zkteco Zkbio_cvsecurity
CVESeverityScorePublishedSummary
CVE-2024-36526Critical9.82024-07-09ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.
CVE-2024-35433High8.12024-05-30ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new adm…
CVE-2024-35430High8.12024-05-30In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
CVE-2024-35431High7.52024-05-30ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Thi…
CVE-2024-35428High7.12024-05-30ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can le…
CVE-2025-45746Medium6.52025-05-13In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Su…
CVE-2024-35429Medium6.52024-05-30ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
CVE-2024-35432Medium6.12024-05-30ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to t…