
7547 matches found

ATTACKERKB
added 2026/04/03 8:26 p.m. | 0 views

CVE-2025-10681

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

CVSS 8.8 | AI score 5.9 | EPSS 0.00275
Exploits: 1 | References: 4
Positive Technologies
added 2026/04/03 12:00 a.m. | 2 views

PT-2026-30258

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...

CVSS 9.8 | AI score 5.9 | EPSS 0.00455
Exploits: 0 | References: 3
CNNVD
added 2026/04/03 12:00 a.m. | 6 views

Dialogue App Security Vulnerability

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

CVSS 4.8 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:00 a.m. | 6 views

Align My Invisalign App Security Vulnerability

Align My Invisalign App is an application developed by Align Company, designed to support orthodontic treatment. Version 3.12.4 of Align My Invisalign App contains a security vulnerability, which stems from the use of hardcoded encryption keys for the parameter CDAACCESSTOKEN...

CVSS 4.8 | AI score 5.8 | EPSS 0.00105
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/03 12:00 a.m. | 7 views

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT WRITE KEY lead...

CVSS 4.8 | AI score 5.3 | EPSS 0.00141
Exploits: 0 | References: 5
Packet Storm News
added 2026/04/03 12:00 a.m. | 2 views

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

AI score 6
Exploits: 0
CNNVD
added 2026/04/03 12:00 a.m. | 7 views

Investory Toy Planet Trouble App Security Vulnerability

Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...

CVSS 4.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 5
CNNVD
added 2026/04/03 12:00 a.m. | 10 views

Sumi Interactive GRID Organiser Security Vulnerability

Sumi Interactive GRID Organizer is an activity planning and management application developed by Sumi Interactive in China. Versions of Sumi Interactive GRID Organizer prior to 1.0.5 contained security vulnerabilities, which were caused by the use of hardcoded encryption keys for the Parameter...

CVSS 4.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:00 a.m. | 6 views

Noelse Individuals & Pro App Security Vulnerability

Noelse Individuals & Pro App is a financial services app developed by the French company Noelse, designed for individual and professional users to manage online accounts, handle payments, and access financial tools. The Noelse Individuals & Pro App versions 2.1.7 and earlier contain security...

CVSS 4.8 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:00 a.m. | 5 views

Belden GarrettCom Magnum 6K and Belden GarrettCom Magnum 10K Trust Management Issue Vulnerability

Both the Belden GarrettCom Magnum 6K and the Belden GarrettCom Magnum 10K are modular industrial Ethernet switches produced by the American company Belden. Both devices have vulnerabilities related to trust management. These vulnerabilities stem from hardcoded strings within the authentication...

CVSS 9.8 | AI score 5.8 | EPSS 0.00455
Exploits: 0 | References: 2
CNNVD
added 2026/04/03 12:00 a.m. | 5 views

Gardyn Home Kit Cloud API and Gardyn Mobile Application Trust Management Issue Vulnerability

Gardyn Home Kit Cloud API and Gardyn Mobile Application are products of the American company Gardyn. Gardyn Home Kit Cloud API is an indoor hydroponic cultivation system. Gardyn Mobile Application is a mobile control application. There are security vulnerabilities in Gardyn Home Kit Cloud API and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00275
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/03 12:00 a.m. | 5 views

PT-2026-30224

Name of the Vulnerable Software and Affected Versions: Storage credentials in mobile app and device firmware (affected versions not specified). Description: The mobile app and device firmware contain hardcoded storage credentials that do not adequately limit end user permissions and do not expire with...

CVSS 8.8 | AI score 5.9 | EPSS 0.00275
Exploits: 1 | References: 6
CNNVD
added 2026/04/03 12:00 a.m. | 6 views

Wahoo Fitness SYSTM App Security Vulnerability

The Wahoo Fitness SYSTM App is a comprehensive structured training app developed by Wahoo Fitness in the United States. The Wahoo Fitness SYSTM App versions 7.2.1 and earlier contained security vulnerabilities, which stemmed from the use of hardcoded encryption keys for the SEGMENTWRITEKEY...

CVSS 4.8 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:00 a.m. | 8 views

Rico só vantagem pra investir App Security Vulnerability

Rico só vantagem pra investir App is a digital investment application developed by the Brazilian company Rico. The version 4.58.32.12421 and earlier versions of Rico só vantagem pra investir App have security vulnerabilities, which stem from the use of a hardcoded encryption key for the parameter...

CVSS 4.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:00 a.m. | 20 views

PropertyGuru AgentNet Singapore App Security Vulnerability

The PropertyGuru AgentNet Singapore App is a mobile application used by PropertyGuru in Singapore as a real estate agency. The PropertyGuru AgentNet Singapore App versions prior to 23.7.10 contained a security vulnerability, which was caused by the use of hardcoded encryption keys for parameters...

CVSS 4.8 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/03 12:00 a.m. | 5 views

PT-2026-29992

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument SEGMENT ANDROID...

CVSS 4.8 | AI score 5.4 | EPSS 0.00144
Exploits: 0 | References: 5
OSV
added 2026/04/02 8:26 p.m. | 5 views

MAL-2026-2431 Malicious code in nwin32tls (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a47778618cad57dbc584afdff7ed138032b69c423a9812e1bc8f86c13129f01d Importing the module starts a loop that listens to key strokes and on every capslock press exfiltrates screenshot to a hardcoded location. --- Category:...

AI score 5.9
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/02 4:56 p.m. | 5 views

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVSS 6.7 | AI score 5.9 | EPSS 0.0016
Exploits: 0 | References: 1
CNNVD
added 2026/04/02 12:00 a.m. | 4 views

Shinrays Games Goods Triple App Security Vulnerability

Shinrays Games Goods Triple App is an application for trading virtual game goods by Shinrays Games. Versions of Shinrays Games Goods Triple App 1.200 and earlier contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters AESIV/AESPASSWORD in the jRwTX.jav...

CVSS 2.5 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 4
OSV
added 2026/04/01 8:54 p.m. | 4 views

GHSA-HQXF-MHFW-RC44 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary: The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

CVSS 6.5 | AI score 6 | EPSS 0.00201
Exploits: 1 | References: 5