CVE-2026-33533

A flaw was found in Glances, an open-source system monitoring tool. The Glances XML-RPC server, when activated, sends a wildcard Access-Control-Allow-Origin header and does not validate the Content-Type header. This allows a remote attacker to craft a malicious webpage that can issue a Cross-Orig...

EUVD-2026-18603

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

EUVD-2026-18607

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

EUVD-2026-18611

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

EUVD-2026-18605

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

CVE-2026-5458

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

CVE-2026-5458

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

EUVD-2026-18597

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...

CVE-2026-5457 PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

attack-executor (>=0.2.1 <=0.2.8), attackmate (>=0.0.0 <=0.6.0) +11 more potentially affected by CVE-2026-5463 via pymetasploit3 (>=1.0.5 <=1.0.6)

pymetasploit3 PYPI version =1.0.5, =0.2.1, =0.0.0, =0.4.84, =0.0.8, =1.0.0, =1.0.0, =0.0.0, =3.7.0, =0.1.0, =0.1.0, =0.1.2 - raven-vapt =0.1.0 - vulnheist =0.0.1 Source cves: CVE-2026-5463 Source advisory: SNYK:PYTHON-PYMETASPLOIT3-16072994...

CVE-2026-5453

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...

EUVD-2026-18570

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length...

Replay Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack via the webhook signature verification process. An attacker can bypass replay detection by submitting requests with equivalent Base64 and Base64URL-encoded signatures, causi...

Replay Attack

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Replay Attack via the webhook signature verification process. An attacker can bypass replay detection by submitting requests with equivalent Base64 and Base64URL-encoded signatures,...

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

CVE-2026-35507

Shynet before 0.14.0 allows Host header injection in the password reset flow...

CVE-2026-32213

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network...

PT-2026-29993

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT WRITE KEY causes use of hard-coded cryptographi...

PT-2026-30047

Name of the Vulnerable Software and Affected Versions Biztalk360 versions prior to 11.5 Description A flaw exists in Biztalk360 that allows an authenticated attacker to write files outside the intended destination directory and potentially bypass authentication. This is due to improper handling o...

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT WRITE KEY lead...