Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.

Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.

Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time.

Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration.

Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors.

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.

Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for…