2 matches found
CVE-2025-14349
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2026-1619
CVE-2026-1619 is an authorization bypass in Universal Software Inc.'s FlexCity/Kiosk (versions 1.0 up to 1.0.35). The vulnerability stems from a user-controlled key that enables exploitation of trusted identifiers, with CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L (base score 8.3). Affected prod...