CVE-2026-5420

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

CVE-2015-10148

CVE-2015-10148 concerns Hirschmann HiLCOS devices: OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed. This enables unauthenticated remote attackers to decrypt or intercept encrypted management communicati...

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

CVE-2025-10681

Gardyn CVE-2025-10681 affects the Gardyn mobile app and device firmware, which hardcode Azure Blob Storage account keys granting account‑level access to three storage accounts. Impact includes read access to ~115k camera images, read/write to OTA firmware storage (enabling supply chain risk), acc...

EUVD-2026-18799

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

CVE-2026-5471

Investory Toy Planet Trouble App (Android) up to v1.5.5 is affected by CVE-2026-5471 in the component app.investory.toyfactory, specifically the file assets/google-services-desktop.json. The issue arises from manipulation of the argument current_key, leading to the use of a hard-coded cryptograph...

EUVD-2026-18603

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

EUVD-2026-18605

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

EUVD-2026-18613

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENTWRITEKEY leads to use of hard-coded cryptographic...

EUVD-2026-18607

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

EUVD-2026-18611

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

CVE-2026-5462

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENTWRITEKEY leads to use of hard-coded cryptographic...

CVE-2026-5458

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...

CVE-2026-5455

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...