Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

uni-yaz

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2026-1619
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.3||HIGH
EPSS-0.04% / 12.78%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 13:20
Updated-02 Mar, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Universal Sotware's FlexCity/Kiosk

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Action-Not Available
Vendor-uni-yazUniversal Software Inc.
Product-flexcityFlexCity/Kiosk
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-1618
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.29%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 13:14
Updated-02 Mar, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin Account Takeover in Universal Sotware's FlexCity/Kiosk

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Action-Not Available
Vendor-uni-yazUniversal Software Inc.
Product-flexcityFlexCity/Kiosk
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-14349
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 13:09
Updated-02 Mar, 2026 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Action-Not Available
Vendor-uni-yazUniversal Software Inc.
Product-flexcityFlexCity/Kiosk
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-0857
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.84%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 17:32
Updated-22 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in Universal Software's FlexWater Corporate Water Management

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.

Action-Not Available
Vendor-uni-yazUniversal Software Inc.universal_software_inc
Product-flexwater_corporate_water_managementFlexWater Corporate Water Managementflexwater_corporate_water_management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')