Yoshihito Sakai

Researcher from BroadBand Security, Inc.
#26753 of 53,633
9.5 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2024-28026
4.0
2024-07-01
Unknown · Piccoma App · CVE-2024-38480

**Name of the Vulnerable Software and Affected Versions**
Piccoma App versions prior to 6.20.0

**Description**
The issue concerns the use of a hard-coded API key for an external service in the Piccoma App, which could potentially allow a local attacker to obtain the API key. It is noted that the users of the app are not directly affected by this issue.

**Recommendations**
For versions prior to 6.20.0, update to version 6.20.0 or later to resolve the issue.

PT-2024-19877
5.5
2024-01-23
Unknown · Android Spoon · CVE-2024-23453

**Name of the Vulnerable Software and Affected Versions**
Android Spoon application versions 7.11.1 through 8.6.0

**Description**
The issue concerns the use of hard-coded credentials in the application, which could allow a local attacker to retrieve a hard-coded API key by reverse-engineering the application binary. This API key could then be used for unauthorized access to the associated service.

**Recommendations**
For Android Spoon application versions 7.11.1 through 8.6.0, consider removing or securely storing the hard-coded API key to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the application's binary to minimize the risk of reverse-engineering.