In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts. More information...
Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. More information :...
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=10
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=10