600 matches found
CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...
PT-2026-7989
Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description An authentication bypass issue exists in Universal Software Inc. FlexCity/Kiosk, potentially allowing privilege escalation. The issue involves using an alternate path ...
Universal FlexCity/Kiosk 安全漏洞
Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk from 1.0 to 1.0.36 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative paths or channels to bypass...
Universal FlexCity/Kiosk 安全漏洞
Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk from 1.0 to 1.0.36 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...
PT-2026-7988
Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description A flaw exists in Universal Software Inc. FlexCity/Kiosk that allows accessing functionality not properly constrained by Access Control Lists ACLs, potentially leading ...
PT-2026-7990
Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description An authorization bypass exists in FlexCity/Kiosk due to exploitation of trusted identifiers through a user-controlled key. This allows unauthorized access...
Universal FlexCity/Kiosk 访问控制错误漏洞
Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk prior to 1.0.36 contained an access control vulnerability. This vulnerability stemmed from privileged definitions that included insecure operation...
Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...
MAL-2026-518 Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...
CVE-2023-49340
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-IIGV1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal...
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
CVE-2020-10598
In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia PAS ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in...
ChurchCRM Access Control Error Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from an access control error vulnerability that stems from an access control flaw in the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions of the Kiosk Manager function, which can be exploited by an...
CVE-2025-66397
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
EUVD-2025-203928
ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...
CVE-2025-66397
ChurchCRM’s CVE-2025-66397 describes an access-control flaw in the Kiosk Manager: prior to version 6.5.3, any authenticated user could perform actions such as allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk. Affected software is ChurchCRM, specifically the Kiosk Manager functions. ...