Fs0C131Y

**Name of the Vulnerable Software and Affected Versions** Intercom plugin for WordPress versions through 1.2.1 **Description** The issue allows an attacker to obtain significant information about the victim's Slack, including channels and members, by leaking a Slack Access Token in the source code. **Recommendations** For versions through 1.2.1, update to a version that fixes the Slack Access Token leak to prevent information disclosure.

**Name of the Vulnerable Software and Affected Versions** WP SlackSync plugin versions prior to 1.8.6 **Description** The WP SlackSync plugin for WordPress has an issue where it leaks a Slack Access Token in its source code. This leak allows an attacker to obtain significant information about the victim's Slack environment, including details about channels and members. **Recommendations** For WP SlackSync plugin versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung P version 9.0 **Description** The issue allows an attacker with physical access to start a TCP Dump capture without the user's knowledge by exploiting a feature in the Service Mode application. This application is accessible after entering the *#9900# check code and is protected by a locally created OTP password. However, due to poor cryptography handling, the password can be easily obtained by reversing the password creation logic. **Recommendations** For Samsung P version 9.0, as a temporary workaround, consider restricting access to the Service Mode application until a proper fix is available. Additionally, users should be cautious when allowing physical access to their devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung S9+, S10, and XCover 4 P version 9.0 **Description** The issue affects Samsung devices, causing them to become temporarily inoperable due to an unprotected intent in the ContainerAgent application. This can result in the victim becoming stuck in a launcher with their Secure Folder locked. The Samsung Security Team has considered this issue as having no or little security impact. **Recommendations** For Samsung S9+, S10, and XCover 4 P version 9.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ES File Explorer File Manager versions through 4.1.9.7.4 **Description** The issue allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP. **Recommendations** For ES File Explorer File Manager versions through 4.1.9.7.4, as a temporary workaround, consider disabling the application's ability to listen on TCP port 59777 until a patch is available. Restrict access to the local Wi-Fi network to minimize the risk of exploitation. Avoid using the ES File Explorer File Manager application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.