CVE-2026-5457

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

CVE-2026-5458 Noelse Individuals & Pro App com.afone.noelse BuildConfig.java hard-coded key

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

CVE-2026-5458 Noelse Individuals & Pro App com.afone.noelse BuildConfig.java hard-coded key

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

CVE-2026-5457

PropertyGuru AgentNet Singapore App (Android, up to v23.7.10) has a flaw in com.allproperty.android.agentnet.BuildConfig.java where manipulating SEGMENT_ANDROID_WRITE_KEY/SEGMENT_TOS_WRITE_KEY leads to use of a hard-coded cryptographic key. The attack requires local access; the exploit has been r...

CVE-2026-5456

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

CVE-2026-5456 Align Technology My Invisalign App com.aligntech.myinvisalign.emea BuildConfig.java hard-coded key

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

CVE-2026-5455 Dialogue App ca.diagram.dialogue config.json hard-coded key

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

CVE-2026-5453 Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...

CVE-2026-5453 Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...

CVE-2026-5452

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

CVE-2026-5452 UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

CVE-2026-5452 UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

CVE-2026-5452

CVE-2026-5452 affects the UCC CampusConnect App (Android) up to version 14.3.5, in the campusconnect.BuildConfig.java file where a hard-coded cryptographic key is used. This flaw enables local exploitation and arises from manipulating the hard-coded key, with the exploit published and potentially...

PT-2026-29989

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT WRITE KEY can lead to use of hard-coded cryptographic key...

PT-2026-29976

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

PT-2026-29992

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument SEGMENT ANDROID...

PT-2026-30197

Name of the Vulnerable Software and Affected Versions NASA cFS versions prior to 7.0.0 Description A deserialization issue exists in the Pickle Module within the pickle.load function. This flaw allows for manipulation through local access, although the attack requires a high level of complexity a...

PT-2026-30194

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current key results in use of hard-coded cryptograph...

vim: Vim: Denial of service and information disclosure via crafted swap file

A flaw was found in Vim. This vulnerability, a heap-buffer-overflow and a segmentation fault, exists in the swap file recovery logic. A local attacker could exploit this by providing a specially crafted swap file. This could lead to a denial of service DoS or potentially information disclosure...

a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...