8.8

CVSS3.1

CVE-2026-1618 - Admin Account Takeover in Universal Sotware's FlexCity/Kiosk

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

📅 Published: Feb. 13, 2026, 1:14 p.m. 🔄 Last Modified: April 18, 2026, 6:15 p.m.

8.8

CVSS3.1

CVE-2025-14349 - Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

📅 Published: Feb. 13, 2026, 1:09 p.m. 🔄 Last Modified: March 2, 2026, 1:37 p.m.

7.3

CVSS3.1

CVE-2025-33042 - Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1…

📅 Published: Feb. 13, 2026, 11:47 a.m. 🔄 Last Modified: Feb. 20, 2026, 3:07 p.m.

0.0