CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/03 2:45 a.m.•5 views

CVE-2026-5452

CVE-2026-5452 affects the UCC CampusConnect App (Android) up to version 14.3.5, in the campusconnect.BuildConfig.java file where a hard-coded cryptographic key is used. This flaw enables local exploitation and arises from manipulating the hard-coded key, with the exploit published and potentially...

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-29976

CNNVD•added 2026/04/03 12:0 a.m.•3 views

CampusConnect 安全漏洞

CampusConnect is a university social networking application developed by CampusConnect in Ireland. Versions of CampusConnect prior to 14.3.5 contained a security vulnerability due to the use of hard-coded encryption keys...

4.8CVSS5.8AI score0.00005EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•1 views

PT-2026-29990

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESS TOKEN leads to u...

4.8CVSS5.5AI score0.00014EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•3 views

PT-2026-29993

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT WRITE KEY causes use of hard-coded cryptographi...

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-29987

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key . The attack is...

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-29989

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT WRITE KEY can lead to use of hard-coded cryptographic key...

4.8CVSS5.4AI score0.00012EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•3 views

PT-2026-29995

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT WRITE KEY leads to use of hard-coded cryptograph...

4.8CVSS5.6AI score0.00011EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30194

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current key results in use of hard-coded cryptograph...

4.8CVSS5.5AI score0.00005EPSS

NVD•added 2026/04/02 8:16 p.m.•1 views

CVE-2026-5420

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

2.5CVSS0.00014EPSS

Cvelist•added 2026/04/02 7:0 p.m.•17 views

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

2.5CVSS0.00014EPSS

Vulnrichment•added 2026/04/02 7:0 p.m.•1 views

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

CVE•added 2026/04/02 7:0 p.m.•4 views

CVE-2026-5420

CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...

ATTACKERKB•added 2026/04/02 7:0 p.m.•1 views

CVE-2026-5420

Exploits0References4Affected Software1

IBM Security Bulletins•added 2026/04/02 6:43 p.m.•1 views

Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to providing weaker than expected security CVE-2025-14923, improper validation of user-supplied input CVE-2025-12635, and improperly controlled modification of object prototype attributes in the Immutable package...

9.8CVSS5.7AI score0.0008EPSS

Exploits1Affected Software6

RedhatCVE•added 2026/04/02 4:57 p.m.•1 views

CVE-2026-5310

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

2.5CVSS5.2AI score0.00014EPSS

Exploits0References1

ICS•added 2026/04/02 1:54 p.m.•1 views

Zscaler Client Connector hard-coded proxy configuration domain

RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...

5.4CVSS6AI score0.00092EPSS

Exploits0References1

Positive Technologies•added 2026/04/02 12:0 a.m.•2 views

PT-2026-29885