The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file...

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by...

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01

Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01

Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgsv_map’ shortcode in all versions up to, and...

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Monaco Skin allows Cross-Site Scripting (XSS).This issue affects Mediawiki – Monaco Skin: 1.45, 1.44, 1.43,...

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki – GrowthExperiments Extension: 1.45, 1.44, 1.43,...