Martin Heyden

**Name of the Vulnerable Software and Affected Versions** UwbTest versions prior to SMR Jan-2026 Release 1 **Description** The application improperly exports Android components, potentially allowing a local attacker to enable Ultra-Wideband (UWB) functionality. **Recommendations** Update UwbTest to SMR Jan-2026 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Smart Things versions prior to 1.7.93 **Description** The issue is related to improper access control, allowing an attacker to invite others without the owner's authorization. **Recommendations** For versions prior to 1.7.93, update to version 1.7.93 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SmartTagPlugin versions prior to 1.2.21-6 **Description** The issue is related to improper input validation in the SmartTagPlugin, allowing privileged attackers to trigger a cross-site scripting (XSS) attack on a victim's devices. **Recommendations** For versions prior to 1.2.21-6, update to version 1.2.21-6 or later to resolve the issue. As a temporary workaround, consider restricting access to the SmartTagPlugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Members versions prior to 4.3.00.11 Samsung Members version prior to 14.0.02.4 in China **Description** The issue allows local attackers to access device identification via log, due to exposure of sensitive information in FaqSymptomCardViewModel. **Recommendations** For versions prior to 4.3.00.11, update to version 4.3.00.11 or later. For version prior to 14.0.02.4 in China, update to version 14.0.02.4 or later.

**Name of the Vulnerable Software and Affected Versions** UWB stack versions prior to SMR Mar-2022 Release 1 **Description** The issue is related to an improper boundary check, which can lead to arbitrary code execution. **Recommendations** For versions prior to SMR Mar-2022 Release 1, update to SMR Mar-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung SearchWidget versions prior to 2.3.00.6 **Description** The issue is related to improper access control in the Samsung SearchWidget, allowing untrusted applications to load arbitrary URLs and local files in a webview. **Recommendations** For versions prior to 2.3.00.6, update to version 2.3.00.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SmartTagPlugin versions prior to 1.2.15-6 **Description** The issue is related to improper input validation in the SmartTagPlugin, allowing privileged attackers to trigger a cross-site scripting (XSS) attack on a victim's devices. **Recommendations** For versions prior to 1.2.15-6, update to version 1.2.15-6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Nutch versions prior to 1.18 Description: An XML external entity (XXE) injection issue was discovered in the Nutch DmozParser. This issue allows an attacker to interfere with the application's processing of XML data, potentially enabling them to view files on the application server filesystem and interact with back-end or external systems that the application can access. Recommendations: For versions prior to 1.18, update to Apache Nutch 1.18 to resolve the issue. As a temporary workaround, consider restricting the use of the DmozParser until a patch is available.