EUVD-2026-11758

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

CVE-2026-3045 Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

EUVD-2020-1706

Malware in sbrugna...

EUVD-2025-13703

Malicious code in bioql PyPI...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

CVE-2025-20956 corresponds to a vulnerability in Galaxy Watch Settings where improper export of Android application components enables physical attackers to access developer settings. The PT Security entry specifies Galaxy Watch versions prior to SMR May-2025 Release 1 as affected and recommends ...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

PT-2025-20041 · Samsung · Galaxy Watch

Name of the Vulnerable Software and Affected Versions: Galaxy Watch versions prior to SMR May-2025 Release 1 Description: The issue concerns the improper export of Android application components in the Settings of the Galaxy Watch, allowing physical attackers to access developer settings...

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. SAMSUNG SMR suffers from a security vulnerability that stems from improper export of Android application components in Settings, which could lead to a physical...

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

Cross site scripting

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

CVE-2023-44954

BigTree CMS 4.5.7 is affected by a Cross-Site Scripting vulnerability in the Developer Settings function, allowing a remote attacker to execute arbitrary code via the ID parameter. The CVE-2023-44954 description and connected sources (CNVD-2023-93329, NVD, OSV, CNNVD) consistently identify BigTre...

PT-2023-29321 · Unknown · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.5.7 Description: The issue allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. This is a Cross Site Scripting vulnerability. Recommendations: For BigTree CMS versi...

CVE-2023-44954

Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions...

CVE-2021-39780

In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2021-39780

In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...