CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/08 6:20 p.m.•1 views

CVE-2026-20709

6.6CVSS5.8AI score0.00019EPSS

Cvelist•added 2026/04/08 6:20 p.m.•14 views

CVE-2026-20709

6.6CVSS0.00019EPSS

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31422

6.6CVSS5.8AI score0.00019EPSS

Exploits0References2

RedhatCVE•added 2026/04/07 5:12 a.m.•0 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00038EPSS

Positive Technologies•added 2026/04/06 12:0 a.m.•3 views

PT-2026-30565

6.3CVSS5.3AI score0.00038EPSS

ATTACKERKB•added 2026/04/05 7:45 a.m.•1 views

CVE-2026-5549

A vulnerability was determined in Tenda AC10 16.03.10.10multiTDE01. Affected by this issue is some unknown functionality of the file /webrootro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The atta...

6.9CVSS5.6AI score0.00054EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/04 11:15 p.m.•1 views

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00013EPSS

CVE•added 2026/04/04 11:15 p.m.•5 views

CVE-2026-5527

CVE-2026-5527 affects Tenda 4G03 Pro (versions 1.0/1.0re/01.bin/04.03.01.53). The issue resides in the ECDSA P-256 Private Key Handler, specifically the /etc/www/pem/server.key, where a hard-coded private key is used. This allows a remote attacker to exploit the vulnerability over the network wit...

6.9CVSS5.9AI score0.00013EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/04/03 3:45 p.m.•2 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00005EPSS

Exploits0References4Affected Software1

NVD•added 2026/04/03 7:16 a.m.•0 views

CVE-2026-5458

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

4.8CVSS0.00005EPSS

Cvelist•added 2026/04/03 7:15 a.m.•18 views

CVE-2026-5462 Wahoo Fitness SYSTM App com.WahooFitness.SYSTM BuildConfig.java hard-coded key

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENTWRITEKEY leads to use of hard-coded cryptographic...

4.8CVSS0.00011EPSS

Vulnrichment•added 2026/04/03 6:30 a.m.•1 views

CVE-2026-5457 PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

CVE•added 2026/04/03 6:30 a.m.•7 views

CVE-2026-5457

PropertyGuru AgentNet Singapore App (Android, up to v23.7.10) has a flaw in com.allproperty.android.agentnet.BuildConfig.java where manipulating SEGMENT_ANDROID_WRITE_KEY/SEGMENT_TOS_WRITE_KEY leads to use of a hard-coded cryptographic key. The attack requires local access; the exploit has been r...

Vulnrichment•added 2026/04/03 6:15 a.m.•1 views

CVE-2026-5456 Align Technology My Invisalign App com.aligntech.myinvisalign.emea BuildConfig.java hard-coded key

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

4.8CVSS5.5AI score0.00014EPSS

CVE•added 2026/04/03 6:15 a.m.•6 views

CVE-2026-5456

The CVE-2026-5456 entry affects Align Technology My Invisalign App 3.12.4 on Android, targeting the component com.aligntech.myinvisalign.emea via the file path com/aligntech/myinvisin.../BuildConfig.java (unknown function). The vulnerability arises from manipulation of the argument CDAACCESS_TOKE...

4.8CVSS5.5AI score0.00014EPSS

NVD•added 2026/04/03 4:17 a.m.•3 views

CVE-2026-5452

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

4.8CVSS0.00005EPSS

Vulnrichment•added 2026/04/03 2:45 a.m.•1 views

CVE-2026-5452 UCC CampusConnect App campusconnect.ucc BuildConfig.java hard-coded key

CVE•added 2026/04/03 2:45 a.m.•4 views

CVE-2026-5452

CVE-2026-5452 affects the UCC CampusConnect App (Android) up to version 14.3.5, in the campusconnect.BuildConfig.java file where a hard-coded cryptographic key is used. This flaw enables local exploitation and arises from manipulating the hard-coded key, with the exploit published and potentially...

ATTACKERKB•added 2026/04/03 2:45 a.m.•1 views

CVE-2026-5452