Browse all 4 CVE security advisories affecting Universal Software Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Universal Software Inc. develops enterprise resource planning (ERP) systems for mid-sized businesses, streamlining operations across finance, HR, and inventory management. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and misconfigured access controls. While no major public security incidents have been documented, the company maintains four active CVE records, highlighting persistent security challenges in their web applications and APIs. Their security posture reflects common issues in legacy ERP systems, where complex functionality and integration points create multiple attack surfaces requiring continuous patching and hardening.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1619 | IDOR in Universal Sotware's FlexCity/Kiosk — FlexCity/KioskCWE-639 | 8.3 | High | 2026-02-13 |
| CVE-2026-1618 | Admin Account Takeover in Universal Sotware's FlexCity/Kiosk — FlexCity/KioskCWE-288 | 8.8 | High | 2026-02-13 |
| CVE-2025-14349 | Business Logic Error in Universal Software's FlexCity/Kiosk — FlexCity/KioskCWE-267 | 8.8 | High | 2026-02-13 |
| CVE-2024-0857 | SQLi in Universal Software's FlexWater Corporate Water Management — FlexWater Corporate Water ManagementCWE-89 | 9.8 | Critical | 2024-07-18 |
This page lists every published CVE security advisory associated with Universal Software Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.