CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

CVE-2026-9221

CVE-2026-9221 affects Setracker2 Android Companion App (com.tgelec.setracker)

CVE-2026-27754

CVE-2026-27754 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where a cryptographically broken MD5 hash is used to generate session cookies. This can enable predictable tokens and potential unauthorized access to the device due to MD5 weaknesses and token forgery. The descriptio...

Use of a Broken or Risky Cryptographic Algorithm

Overview hydrolib-core is a Python wrappers around D-HYDRO Suite. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the use of the MD5 hash algorithm in security-sensitive contexts. An attacker can exploit this vulnerability to trigger securi...