Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.

Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.

Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS.

Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.

Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.

Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. User interaction is required for triggering this vulnerability.

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versio…

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, …

The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, …