Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Realcetecnologia Subscribe
Filtered by product Queue Ticket Kiosk
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5179 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 3.3 LOW 2.4 LOW
A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5178 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files[] leads to unrestricted upload. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5177 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5176 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 7.5 HIGH 7.3 HIGH
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been declared as critical. This vulnerability affects unknown code of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to sql injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.