Galaxy Store

galaxy_store

Vendor: Samsung • 31 CVEs

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21002 1Samsung 1Galaxy Store Apr 7, 2026 Mar 16, 2026 5.9 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
CVE-2026-21001 1Samsung 1Galaxy Store Apr 7, 2026 Mar 16, 2026 5.9 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21000 1Samsung 1Galaxy Store Apr 7, 2026 Mar 16, 2026 7.0 HIGH· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-20976 1Samsung 1Galaxy Store Jan 15, 2026 Jan 9, 2026 5.1 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
CVE-2025-58483 1Samsung 1Galaxy Store Dec 4, 2025 Dec 2, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
CVE-2023-21483 1Samsung 1Galaxy Store Sep 9, 2025 Sep 3, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
CVE-2025-20951 1Samsung 1Galaxy Store Jul 17, 2025 Apr 8, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
CVE-2025-20895 1Samsung 1Galaxy Store Jul 17, 2025 Feb 4, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
CVE-2024-34601 1Samsung 1Galaxy Store Jan 3, 2025 Jul 2, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
CVE-2024-20870 1Samsung 1Galaxy Store Jul 17, 2025 May 7, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
CVE-2024-20825 1Samsung 1Galaxy Store Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-20824 1Samsung 1Galaxy Store Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-20823 1Samsung 1Galaxy Store Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-20822 1Samsung 1Galaxy Store Nov 21, 2024 Feb 6, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2023-42581 1Samsung 1Galaxy Store Nov 21, 2024 Dec 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
CVE-2023-42580 1Samsung 1Galaxy Store Nov 21, 2024 Dec 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
CVE-2023-30705 1Samsung 1Galaxy Store Nov 21, 2024 Aug 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.
CVE-2023-21516 1Samsung 1Galaxy Store Nov 21, 2024 May 26, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21515 1Samsung 1Galaxy Store Nov 21, 2024 May 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21514 1Samsung 1Galaxy Store Nov 21, 2024 May 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

12 Next