PT-2026-30194

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current key results in use of hard-coded cryptograph...

CVE-2026-5420

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420

CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...

Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to providing weaker than expected security CVE-2025-14923, improper validation of user-supplied input CVE-2025-12635, and improperly controlled modification of object prototype attributes in the Immutable package...

CVE-2026-5310

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

Zscaler Client Connector hard-coded proxy configuration domain

RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...

PT-2026-29885

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES IV/AES PASSWORD results in use of hard-coded...

EUVD-2026-17966

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310 Enter Software Iperius Backup IperiusAccounts.ini hard-coded key

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310 Enter Software Iperius Backup IperiusAccounts.ini hard-coded key

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310

The CVE affects Enter Software Iperius Backup (up to v8.7.2). The vulnerability targets the IperiusAccounts.ini file, where manipulation leads to use of a hard-coded cryptographic key. Exploitation is local and described as high complexity with low exploitability, with a publicly available exploi...

PT-2026-29572

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

HCL Aftermarket DPC Hardcoding Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a hard-coded vulnerability that originates from hard-coded sensitive data, which can be exploited by an attacker to gain access to source code or retrieve these...

EUVD-2026-17077

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...