📦 ZKBio CVSecurity

by ZKTeco

⚠️ Known Vulnerabilities

CVE-2024-36526

CRITICAL CVSS 9.8 Jul 9, 2024

ZKTeco ZKBio CVSecurity v6.1.1 contains a hardcoded cryptographic key (CWE-259), allowing attackers to decrypt sensitive data or bypass authentication. This affects all installations of version 6.1.1....

CVE-2024-35428

HIGH CVSS 7.1 May 30, 2024

ZKTeco ZKBio CVSecurity 6.1.1 has a directory traversal vulnerability in the BaseMediaFile component that allows authenticated users to delete arbitrary files on the server. This can lead to denial of...

CVE-2024-35431

HIGH CVSS 7.5 May 30, 2024

ZKTeco ZKBio CVSecurity versions up to 6.4.1 are vulnerable to directory traversal via the photoBase64 parameter, allowing unauthenticated attackers to download arbitrary files from the server. This a...

CVE-2024-35430

HIGH CVSS 8.1 May 30, 2024

This vulnerability allows authenticated users in ZKTeco ZKBio CVSecurity to bypass password verification when exporting data. Attackers with valid credentials can extract sensitive information without...

CVE-2025-45746

MEDIUM CVSS 6.5 May 13, 2025

CVE-2025-45746 allows unauthenticated attackers to craft valid JWT tokens using a hardcoded secret, enabling authentication bypass to the ZKT ZKBio CVSecurity service console. This affects organizatio...