7341 matches found
CVE-2025-20956
CVE-2025-20956 corresponds to a vulnerability in Galaxy Watch Settings where improper export of Android application components enables physical attackers to access developer settings. The PT Security entry specifies Galaxy Watch versions prior to SMR May-2025 Release 1 as affected and recommends ...
CVE-2025-20956
Improper export of Android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...
PT-2025-20041 · Samsung · Galaxy Watch
Name of the Vulnerable Software and Affected Versions: Galaxy Watch versions prior to SMR May-2025 Release 1. Description: The issue concerns the improper export of Android application components in the Settings of the Galaxy Watch, allowing physical attackers to access developer settings...
SAMSUNG SMR security vulnerability
SAMSUNG SMR is a system patch package from the South Korean company Samsung. It provides patches for Samsung mobile applications. SAMSUNG SMR has a security vulnerability that stems from improper export of Android application components in Settings, which could lead to a physical...
WordPress WZ Followed Posts plugin <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WZ Followed Posts - Display what visitors are reading versions <= 3.1.0...
Authoring Custom Spin Templates
Learn how to create, distribute, and install custom templates for Spin CLI to boost developer productivity and meet regulatory compliance...
MRCMS code injection vulnerability
MRCMS is a content management system by the individual developer marker. A code injection vulnerability exists in MRCMS version 3.1.2, which originates from improper manipulation of the file /admin/chip/add.do in the component Add Fragment Page, which could lead to a cross-site scripting attack...
WordPress User Registration plugin <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability
Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions <= 4.2.1...
WordPress Envolve plugin <= 1.0 - Unauthenticated Language File Deletion vulnerability
Unauthenticated Language File Deletion vulnerability discovered by István Márton in WordPress Plugin Envolve Plugin versions <= 1.0...
XMall security vulnerability
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper access control on /index and could lead to bypassing authentication...
WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Nomupay Payment Processing Gateway versions <= 7.1.7...
WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin EC Authorize.net versions <= 0.3.3...
WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin Product Category Slider for WooCommerce versions <= 4.3.4...
WordPress Nautic Pages plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Nautic Pages versions <= 2.0...
14 secure coding tips: Learn from the experts at Microsoft Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...
WordPress NewsBlogger Theme <= 0.2.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: NewsBlogger; Type: Theme; Vulnerable versions: <= 0.2.5.4; Fixed in: 0.2.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-1305; Patch priority: Low; CVSS severity: Low 8.8; PSID: 0ec134d8edb7; Credits: Gibran Abdillah...
SoK: Enhancing Privacy-Preserving Software Development from a Developers' Perspective
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to support developers embedding privacy into software applications...
Secure Coding with AI, from Creation to Inspection
While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...
WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions < 3.30.0...