CVE-2026-5457 PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...
CVE-2026-5457
PropertyGuru AgentNet Singapore App (Android, up to v23.7.10) has a flaw in com.allproperty.android.agentnet.BuildConfig.java where manipulating SEGMENT_ANDROID_WRITE_KEY/SEGMENT_TOS_WRITE_KEY leads to use of a hard-coded cryptographic key. The attack requires local access; the exploit has been r...
CVE-2026-5455 Dialogue App ca.diagram.dialogue config.json hard-coded key
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of a hard-coded cryptographic key...
CVE-2026-5453
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...
CVE-2026-5454
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of a hard-coded cryptographic key. The attack is...
CVE-2026-32925
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...
CVE-2026-5453 Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...
CVE-2026-35537
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
Summary POST multipart upload directory not sanitized | httpserver/updown.go:71-174 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:71-174 Trigger: POST //upload server.go:49-51 checks HasSuffix(r.URL.Path, "/upload") The filena...
GHSA-JG56-WF8X-QRV5 goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
Summary POST multipart upload directory not sanitized | httpserver/updown.go:71-174 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:71-174 Trigger: POST //upload server.go:49-51 checks HasSuffix(r.URL.Path, "/upload") The filena...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the put function. An attacker can write arbitrary files to any location on the filesystem by sending crafted HTTP PUT requests with specially constructed paths that traverse directories. PoC #!/usr/bin/env bash...
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
Summary PUT upload has no path sanitization | httpserver/updown.go:20-69 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:20-69 Trigger: PUT / server.go:57-59 routes directly to put The handler uses req.URL.Path raw to build t...
GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Impact On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...
PT-2026-30141
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where the aqc111 suspend function calls the PM variant of its write cmd routine, leading to a task hang during resume operations. Specifically, the issue...
Rico só vantagem pra investir App security vulnerability
Rico só vantagem pra investir App is a digital investment application developed by the Brazilian company Rico. The version 4.58.32.12421 and earlier versions of Rico só vantagem pra investir App have security vulnerabilities, which stem from the use of a hardcoded encryption key for the parameter...