Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. More...

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and...

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation...