zkteco
Security Productscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting zkteco.
- CVE-2026-8598Unauthenticated Export Service in ZKTeco CCTV Cameras9.1
- CVE-2025-15128ZKTeco BioTime Endpoint safe_setting credentials storage5.3
- CVE-2024-13966ZKTeco BioTime default password7.3
- CVE-2025-45746In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of th...6.5
- CVE-2024-11049ZKTeco ZKBio Time Image File photo direct request3.7
- CVE-2024-45250ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor4.3
- CVE-2023-51157Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.5.4
- CVE-2024-36526ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.9.8
- CVE-2024-6523ZKTeco BioTime system-group-add cross site scripting3.5
- CVE-2024-6344ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting2.4
- CVE-2024-6006ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting3.5
- CVE-2024-6005ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting3.5
- CVE-2024-35433ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.8.1
- CVE-2024-35428ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.7.1
- CVE-2024-35429ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.6.5