4.8
CVE-2026-5456 - Align Technology My Invisalign App com.aligntech.myinvisalign.emea BuildConfig.java hard-coded key
A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESS_TOKEN leads to use…
4.8
CVE-2026-5455 - Dialogue App ca.diagram.dialogue config.json hard-coded key
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT_WRITE_KEY can lead to use of hard-coded cryptographic key.…
6.5
CVE-2026-35549 - MariaDB Server: Denial of Service via large packet with caching_sha2_password authe…
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses al…
4.8
CVE-2026-5454 - GRID Organiser App co.gridapp.organiser app.json hard-coded key
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key. The attack is …
9.3
CVE-2026-5463 - Command Injection in pymetasploit3 Enables Arbitrary Command Execution
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended …
4.8
CVE-2026-5453 - Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads …
5.3
CVE-2026-35545 - SVG Bypass of Remote Image Blocking in Roundcube Webmail
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
5.3
CVE-2026-35544 -
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.
5.3
CVE-2026-35543 -
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.
5.3
CVE-2026-35542 -
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.