The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.

Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.

Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.