Galaxy Store
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21002 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2026 | Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application. | ||
| CVE-2026-21001 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2026 | Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | ||
| CVE-2026-21000 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2026 | Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | ||
| CVE-2026-20976 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. | |||
| CVE-2025-58483 | 0.00 | — | 0.00 | Dec 2, 2025 | Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store. | |||
| CVE-2023-21483 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. | |||
| CVE-2025-20951 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | |||
| CVE-2025-20895 | 0.00 | — | 0.00 | Feb 4, 2025 | Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard. | |||
| CVE-2024-34601 | 0.00 | — | 0.00 | Jul 2, 2024 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. | |||
| CVE-2024-20870 | 0.00 | — | 0.00 | May 7, 2024 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | |||
| CVE-2024-20825 | 0.00 | — | 0.00 | Feb 6, 2024 | Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | |||
| CVE-2024-20824 | 0.00 | — | 0.00 | Feb 6, 2024 | Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | |||
| CVE-2024-20823 | 0.00 | — | 0.00 | Feb 6, 2024 | Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | |||
| CVE-2024-20822 | 0.00 | — | 0.00 | Feb 6, 2024 | Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | |||
| CVE-2023-42581 | 0.00 | — | 0.01 | Dec 5, 2023 | Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. | |||
| CVE-2023-42580 | 0.00 | — | 0.01 | Dec 5, 2023 | Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | |||
| CVE-2023-30705 | 0.00 | — | 0.00 | Aug 10, 2023 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission. | |||
| CVE-2023-21514 | 0.00 | — | 0.01 | May 26, 2023 | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | |||
| CVE-2023-21516 | 0.00 | — | 0.01 | May 26, 2023 | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | |||
| CVE-2023-21515 | 0.00 | — | 0.01 | May 26, 2023 | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. |
- risk 0.36cvss 5.5epss 0.00
Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
- risk 0.36cvss 5.5epss 0.00
Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
- risk 0.36cvss 5.5epss 0.00
Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
- CVE-2026-20976Jan 9, 2026risk 0.00cvss —epss 0.00
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
- CVE-2025-58483Dec 2, 2025risk 0.00cvss —epss 0.00
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
- CVE-2023-21483Sep 3, 2025risk 0.00cvss —epss 0.00
Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
- CVE-2025-20951Apr 8, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
- CVE-2025-20895Feb 4, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
- CVE-2024-34601Jul 2, 2024risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
- CVE-2024-20870May 7, 2024risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
- CVE-2024-20825Feb 6, 2024risk 0.00cvss —epss 0.00
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
- CVE-2024-20824Feb 6, 2024risk 0.00cvss —epss 0.00
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
- CVE-2024-20823Feb 6, 2024risk 0.00cvss —epss 0.00
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
- CVE-2024-20822Feb 6, 2024risk 0.00cvss —epss 0.00
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
- CVE-2023-42581Dec 5, 2023risk 0.00cvss —epss 0.01
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
- CVE-2023-42580Dec 5, 2023risk 0.00cvss —epss 0.01
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
- CVE-2023-30705Aug 10, 2023risk 0.00cvss —epss 0.00
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.
- CVE-2023-21514May 26, 2023risk 0.00cvss —epss 0.01
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
- CVE-2023-21516May 26, 2023risk 0.00cvss —epss 0.01
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
- CVE-2023-21515May 26, 2023risk 0.00cvss —epss 0.01
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Page 1 of 2