Every CVE whose affected-product data names Zkteco Biotime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-38951 — CVSS 9.8 (critical): ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the…
CVE-2023-51142 — CVSS 7.5 (high): An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.
CVE-2023-38949 — CVSS 7.5 (high): An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a…
CVE-2023-38952 — CVSS 7.5 (high): Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that…
CVE-2024-13966 — CVSS 7.3 (high): ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default…
CVE-2022-38803 — CVSS 6.8 (medium): Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated…
CVE-2023-51141 — CVSS 6.5 (medium): An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication &…
CVE-2022-38802 — CVSS 6.2 (medium): Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval…
CVE-2022-38801 — CVSS 5.4 (medium): In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
CVE-2022-30515 — CVSS 5.3 (medium): ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename…
CVE-2024-6523 — CVSS 3.5 (low): A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the…