Samsung Internet
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58485 | 0.00 | — | 0.00 | Dec 2, 2025 | Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. | |||
| CVE-2025-20995 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. | |||
| CVE-2025-20994 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files. | |||
| CVE-2024-34671 | 0.00 | — | 0.00 | Oct 8, 2024 | Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-20869 | 0.00 | — | 0.00 | May 7, 2024 | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | |||
| CVE-2024-20838 | 0.00 | — | 0.00 | Mar 5, 2024 | Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. | |||
| CVE-2024-20837 | 0.00 | — | 0.00 | Mar 5, 2024 | Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. | |||
| CVE-2024-20829 | 0.00 | — | 0.00 | Mar 5, 2024 | Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. | |||
| CVE-2024-20828 | 0.00 | — | 0.00 | Feb 6, 2024 | Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | |||
| CVE-2023-30704 | 0.00 | — | 0.00 | Aug 10, 2023 | Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||
| CVE-2023-30674 | 0.00 | — | 0.00 | Jul 6, 2023 | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||
| CVE-2022-39873 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||
| CVE-2022-36835 | 0.00 | — | 0.00 | Aug 5, 2022 | Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | |||
| CVE-2022-30740 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||
| CVE-2022-30738 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | |||
| CVE-2022-27839 | 0.00 | — | 0.00 | Apr 11, 2022 | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | |||
| CVE-2022-22290 | 0.00 | — | 0.00 | Jan 14, 2022 | Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | |||
| CVE-2022-22284 | 0.00 | — | 0.00 | Jan 7, 2022 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | |||
| CVE-2021-25521 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||
| CVE-2021-25520 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. |
- CVE-2025-58485Dec 2, 2025risk 0.00cvss —epss 0.00
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
- CVE-2025-20995Jun 4, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
- CVE-2025-20994Jun 4, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
- CVE-2024-34671Oct 8, 2024risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
- CVE-2024-20869May 7, 2024risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.
- CVE-2024-20838Mar 5, 2024risk 0.00cvss —epss 0.00
Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
- CVE-2024-20837Mar 5, 2024risk 0.00cvss —epss 0.00
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
- CVE-2024-20829Mar 5, 2024risk 0.00cvss —epss 0.00
Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
- CVE-2024-20828Feb 6, 2024risk 0.00cvss —epss 0.00
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
- CVE-2023-30704Aug 10, 2023risk 0.00cvss —epss 0.00
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
- CVE-2023-30674Jul 6, 2023risk 0.00cvss —epss 0.00
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
- CVE-2022-39873Oct 7, 2022risk 0.00cvss —epss 0.00
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
- CVE-2022-36835Aug 5, 2022risk 0.00cvss —epss 0.00
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.
- CVE-2022-30740Jun 7, 2022risk 0.00cvss —epss 0.00
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
- CVE-2022-30738Jun 7, 2022risk 0.00cvss —epss 0.00
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
- CVE-2022-27839Apr 11, 2022risk 0.00cvss —epss 0.00
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.
- CVE-2022-22290Jan 14, 2022risk 0.00cvss —epss 0.00
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
- CVE-2022-22284Jan 7, 2022risk 0.00cvss —epss 0.00
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication
- CVE-2021-25521Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.
- CVE-2021-25520Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
Page 1 of 2