CVE-2023-38950High· 7.5▾ Abyssal⚠ Exploited in the wildA path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
▾ Abyssal zone — Critical with a public exploit or in-the-wild use
impact 41.3 · likelihood 17 · exploitation 25
The latest CVEs are free to read. CVE-2023-38950 is outside the free window — sign in (free) to view the full technical detail, affected versions, references, and raw markdown.