Lucene search
K

600 matches found

Vulnrichment
Vulnrichment
added 2026/02/13 1:9 p.m.6 views

CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/13 1:9 p.m.28 views

CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.8CVSS0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.6 views

PT-2026-7989

Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description An authentication bypass issue exists in Universal Software Inc. FlexCity/Kiosk, potentially allowing privilege escalation. The issue involves using an alternate path ...

8.8CVSS5.4AI score0.00383EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.7 views

Universal FlexCity/Kiosk 安全漏洞

Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk from 1.0 to 1.0.36 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative paths or channels to bypass...

8.8CVSS5.8AI score0.00383EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.6 views

Universal FlexCity/Kiosk 安全漏洞

Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk from 1.0 to 1.0.36 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...

8.3CVSS5.8AI score0.00297EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.6 views

PT-2026-7988

Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description A flaw exists in Universal Software Inc. FlexCity/Kiosk that allows accessing functionality not properly constrained by Access Control Lists ACLs, potentially leading ...

8.8CVSS5.5AI score0.00361EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.11 views

PT-2026-7990

Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description An authorization bypass exists in FlexCity/Kiosk due to exploitation of trusted identifiers through a user-controlled key. This allows unauthorized access...

8.3CVSS5.4AI score0.00297EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.6 views

Universal FlexCity/Kiosk 访问控制错误漏洞

Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk prior to 1.0.36 contained an access control vulnerability. This vulnerability stemmed from privileged definitions that included insecure operation...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/27 2:11 a.m.7 views

Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/27 2:11 a.m.4 views

MAL-2026-518 Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.6 views

CVE-2023-49340

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-IIGV1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal...

9.8CVSS7.7AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.8 views

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...

10CVSS7.9AI score0.01205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.7 views

CVE-2020-10598

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia PAS ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in...

6.1CVSS6.6AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

ChurchCRM Access Control Error Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an access control error vulnerability that stems from an access control flaw in the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions of the Kiosk Manager function, which can be exploited by an...

8.3CVSS5.9AI score0.00253EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 7:44 p.m.5 views

CVE-2025-66397

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

8.3CVSS6.8AI score0.00253EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 8:15 p.m.5 views

CVE-2025-66397

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

8.3CVSS0.00253EPSS
Exploits1References1
OSV
OSV
added 2025/12/17 7:12 p.m.4 views

CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

8.3CVSS6.7AI score0.00253EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/17 7:12 p.m.26 views

CVE-2025-66397 ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

8.3CVSS0.00253EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/17 7:12 p.m.5 views

EUVD-2025-203928

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and...

8.3CVSS6.3AI score0.00253EPSS
Exploits1References1
CVE
CVE
added 2025/12/17 7:12 p.m.12 views

CVE-2025-66397

ChurchCRM’s CVE-2025-66397 describes an access-control flaw in the Kiosk Manager: prior to version 6.5.3, any authenticated user could perform actions such as allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk. Affected software is ChurchCRM, specifically the Kiosk Manager functions. ...

8.3CVSS6.4AI score0.00253EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder