Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5.

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.

Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.

Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.