CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

high 8.8 CVSS 3.1
Published: Feb 13, 2026
Modified: Jun 4, 2026
Vendor: Uni-Yaz
Product: Flexcity

Description

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.

This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

References

Related CVEs

CVE-2026-1619 high · 8.3
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Ki
CVE-2026-1618 high · 8.8
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: fr
CVE-2024-0857 critical · 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Inject