cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-20895,https://securityvulnerability.io/vulnerability/CVE-2025-20895,Authentication Bypass Vulnerability in Galaxy Store by Samsung,"An authentication bypass vulnerability exists in the Galaxy Store prior to version 4.5.87.6, enabling physical attackers to exploit the Setupwizard. This flaw permits the installation of arbitrary applications, circumventing established restrictions and potentially leading to unauthorized access and installation of malicious software.",Samsung,Galaxy Store,3.2,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-04T07:19:42.808Z,0
CVE-2024-20870,https://securityvulnerability.io/vulnerability/CVE-2024-20870,Arbitrary File Write Vulnerability in Galaxy Store Prior to Version 4.5.71.8,Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.,Samsung,Galaxy Store,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-07T04:28:58.507Z,0
CVE-2024-20825,https://securityvulnerability.io/vulnerability/CVE-2024-20825,Samsung Galaxy Store Vulnerability Allows Local Access to Sensitive Information,"An implicit intent hijacking vulnerability has been identified in the IAP (In-App Purchasing) feature of the Samsung Galaxy Store. This vulnerability allows local attackers to exploit implicit intents to gain unauthorized access to sensitive information from affected versions prior to 4.5.63.6. Attackers can potentially leverage this flaw to manipulate application intents, leading to data exposure and security risks for users. It is crucial for users and administrators to ensure that their Galaxy Store applications are updated to the latest version to mitigate the effects of this vulnerability.",Samsung,Galaxy Store,5.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-06T02:23:15.543Z,0
CVE-2024-20824,https://securityvulnerability.io/vulnerability/CVE-2024-20824,Samsung Galaxy Store Vulnerability Allows Access to Sensitive Information via Implicit Intent Hijacking,"A vulnerability exists in the VoiceSearch feature of the Galaxy Store that enables local attackers to hijack implicit intents, potentially leading to unauthorized access to sensitive information. This flaw impacts versions below 4.5.63.6 and highlights a significant security risk for users of affected products.",Samsung,Galaxy Store,5.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-06T02:23:14.512Z,0
CVE-2024-20823,https://securityvulnerability.io/vulnerability/CVE-2024-20823,Samsung Galaxy Store Vulnerability Allows Access to Sensitive Information via Implicit Intent Hijacking,Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.,Samsung,Galaxy Store,5.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-06T02:23:13.477Z,0
CVE-2024-20822,https://securityvulnerability.io/vulnerability/CVE-2024-20822,Sensitive Information at Risk: Implicit Intent Hijacking Vulnerability in Galaxy Store's AccountActivity,Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.,Samsung,Galaxy Store,5.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-06T02:23:12.460Z,0
CVE-2023-42580,https://securityvulnerability.io/vulnerability/CVE-2023-42580,Deeplink Vulnerability Allows Attackers to Install APK from Galaxy Store,"The improper URL validation in MCSLaunch deeplink in Samsung's Galaxy Store allows attackers to leverage this weakness to execute unauthorized JavaScript API commands. This can lead to the installation of malicious APKs from the Galaxy Store, posing significant risks to users' devices and data integrity. Users should ensure their Galaxy Store applications are updated to version 4.5.64.4 or later to mitigate this vulnerability.",Samsung,Galaxy Store,7.5,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-12-05T03:15:00.000Z,0
CVE-2023-42581,https://securityvulnerability.io/vulnerability/CVE-2023-42581,Improper URL Validation in Galaxy Store by Samsung,"A vulnerability in the Galaxy Store prior to version 4.5.64.4 allows attackers to exploit improper URL validation in InstantPlay deeplinks. This flaw can be leveraged to execute JavaScript APIs, potentially enabling unauthorized access to sensitive user data. Mitigation measures should be prioritized to address this security risk and protect users from data exposure.",Samsung,Galaxy Store,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-12-05T03:15:00.000Z,0
CVE-2023-30705,https://securityvulnerability.io/vulnerability/CVE-2023-30705,Improper Sanitization in Galaxy Store Allows Local Access to Privileged Content Providers,"The Galaxy Store is susceptible to an improper sanitization vulnerability, which allows local attackers to exploit unprotected entry points. By leveraging this flaw, attackers can gain access to privileged content providers that are otherwise secured by Galaxy Store permissions. Users are urged to update their Galaxy Store to versions 4.5.56.6 or later to mitigate potential risks.",Samsung,Galaxy Store,6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-10T02:15:00.000Z,0
CVE-2023-21514,https://securityvulnerability.io/vulnerability/CVE-2023-21514,Improper Scheme Validation in Galaxy Store by Samsung,"A vulnerability in Samsung's Galaxy Store allows attackers to exploit improper scheme validation in InstantPlay Deeplink. This flaw, present in versions before 4.5.49.8, enables unauthorized execution of JavaScript API, which could lead to the installation of malicious APKs from the Galaxy Store. Users are advised to update to the latest version to mitigate potential risks.",Samsung,Galaxy Store,7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2023-05-26T00:00:00.000Z,0
CVE-2023-21516,https://securityvulnerability.io/vulnerability/CVE-2023-21516,XSS Vulnerability in InstantPlay for Samsung Galaxy Store,"A cross-site scripting (XSS) vulnerability exists in the InstantPlay feature of Samsung's Galaxy Store, affecting versions prior to 4.5.49.8. This flaw could enable attackers to leverage JavaScript APIs to execute unauthorized actions, such as installing APK files from the Galaxy Store without user consent. This vulnerability highlights the importance of securing web applications against XSS exploits to protect user data and device integrity.",Samsung,Galaxy Store,7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2023-05-26T00:00:00.000Z,0
CVE-2023-21515,https://securityvulnerability.io/vulnerability/CVE-2023-21515,JavaScript Execution Vulnerability in Samsung Galaxy Store InstantPlay,"A security vulnerability exists in the InstantPlay feature of Samsung's Galaxy Store, allowing attackers to execute malicious JavaScript. This weakness, found in versions before 4.5.49.8, means unauthorized users can run JavaScript API commands that enable the installation of APK files from the Galaxy Store, potentially compromising device security.",Samsung,Galaxy Store,7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2023-05-26T00:00:00.000Z,0
CVE-2023-21433,https://securityvulnerability.io/vulnerability/CVE-2023-21433,Improper Access Control in Galaxy Store by Samsung,"An improper access control vulnerability has been identified in Galaxy Store, prior to version 4.5.49.8, permitting local attackers to exploit the system and install applications without proper authorization. This flaw poses significant risks to users, as it could lead to unauthorized app installations that may compromise device security and user data integrity.",Samsung,Galaxy Store,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-09T00:00:00.000Z,0
CVE-2023-21434,https://securityvulnerability.io/vulnerability/CVE-2023-21434,Improper Input Validation in Galaxy Store by Samsung,"A security flaw in the Galaxy Store, prior to version 4.5.49.8, has been identified that allows local attackers to exploit improper input validation. By launching a specially crafted web page, an attacker could execute malicious JavaScript, potentially compromising the security of the device and the integrity of the user's data. This vulnerability highlights the importance of rigorous input validation to prevent unauthorized code execution.",Samsung,Galaxy Store,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-02-09T00:00:00.000Z,0
CVE-2022-33709,https://securityvulnerability.io/vulnerability/CVE-2022-33709,Improper Input Validation in Galaxy Store by Samsung,"An improper input validation vulnerability exists in the ApexPackageInstaller component of the Galaxy Store. This flaw, which affects versions prior to 4.5.41.8, allows local attackers to execute activities with elevated privileges, potentially leading to unauthorized access and severe security risks within the application. Users are advised to update to the latest version to mitigate this issue.",Samsung,Galaxy Store,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-07-12T14:15:00.000Z,0
CVE-2022-33708,https://securityvulnerability.io/vulnerability/CVE-2022-33708,Improper Input Validation in Galaxy Store by Samsung,"An improper input validation vulnerability has been identified in the AppsPackageInstaller component within the Galaxy Store. This flaw allows local attackers to exploit the vulnerability by launching activities with elevated privileges associated with the Galaxy Store. The vulnerability affects all versions of the Galaxy Store prior to 4.5.41.8, making it crucial for users to ensure they have the latest version installed to mitigate potential security risks.",Samsung,Galaxy Store,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-07-12T14:15:00.000Z,0
CVE-2022-33710,https://securityvulnerability.io/vulnerability/CVE-2022-33710,Improper Input Validation in Galaxy Store by Samsung,"The improperly validated input vulnerability in the BillingPackageInstaller component of Samsung's Galaxy Store allows local attackers to escalate privileges, enabling them to execute unauthorized activities. This exposure affects versions prior to 4.5.41.8 and exposes users to potential risks.",Samsung,Galaxy Store,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-07-12T14:15:00.000Z,0
CVE-2022-28791,https://securityvulnerability.io/vulnerability/CVE-2022-28791,Improper Input Validation in Samsung Galaxy Store,"An improper input validation vulnerability exists in the InstallAgent component of the Galaxy Store, which can be exploited to overwrite files stored in a specified directory. This flaw affects versions prior to 4.5.41.8, where insufficient checks allowed the possibility of file manipulation. A patch has been implemented to enhance safeguard measures, ensuring that existing files remain protected against unauthorized overwrites.",Samsung,Galaxy Store,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-03T19:43:31.000Z,0
CVE-2022-28776,https://securityvulnerability.io/vulnerability/CVE-2022-28776,Improper Access Control in Galaxy Store by Samsung,"An improper access control vulnerability in the Galaxy Store prior to version 4.5.36.4 enables attackers to install applications without any user interaction. This flaw potentially exposes users to unauthorized app installations, leading to security risks and compromised devices.",Samsung,Galaxy Store,5.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-11T19:37:43.000Z,0
CVE-2022-28544,https://securityvulnerability.io/vulnerability/CVE-2022-28544,Path Traversal Vulnerability in Galaxy Store by Samsung,"A path traversal vulnerability in the unzip method of the InstallAgentCommonHelper component of Galaxy Store prior to version 4.5.40.5 allows attackers to exploit the system and gain unauthorized access to files within the Galaxy Store environment, potentially leading to sensitive information exposure.",Samsung,Galaxy Store,6.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-11T19:37:37.000Z,0
CVE-2022-28542,https://securityvulnerability.io/vulnerability/CVE-2022-28542,Improper Input Sanitization in Samsung Galaxy Store,"The Galaxy Store prior to version 4.5.40.5 has a vulnerability that stems from improper sanitization of incoming intents. This flaw enables local attackers to exploit the application, potentially granting them unauthorized access to privileged content providers that are normally secured by Galaxy Store permissions. Due to this vulnerability, sensitive user data may be exposed, leading to further security risks.",Samsung,Galaxy Store,6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-11T19:37:36.000Z,0
CVE-2022-22288,https://securityvulnerability.io/vulnerability/CVE-2022-22288,Improper Authorization Vulnerability in Galaxy Store by Samsung,"An improper authorization vulnerability exists in the Galaxy Store prior to version 4.5.36.5, which could allow remote attackers to install applications without appropriate authorization. This flaw exposes users to potential security risks by enabling unauthorized access to app installation features, leading to possible exploitation.",Samsung,Galaxy Store,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-01-10T14:12:00.000Z,0
CVE-2021-25499,https://securityvulnerability.io/vulnerability/CVE-2021-25499,Intent Redirection Vulnerability in Galaxy Store by Samsung,"An intent redirection vulnerability found in Samsung's Galaxy Store prior to version 4.5.32.4 could allow an attacker to access sensitive data via the content provider associated with the Galaxy Store. This flaw exists within the SamsungAccountSDKSigninActivity, which can potentially lead to unauthorized data exposure, enhancing security risks for users.",Samsung,Galaxy Store,7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-10-06T17:11:46.000Z,0