VYPR

Galaxy Store

by Samsung Mobile

CVEs (31)

  • CVE-2026-21002MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.

  • CVE-2026-21001MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-21000MedMar 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-20976Jan 9, 2026
    risk 0.00cvss epss 0.00

    Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.

  • CVE-2025-58483Dec 2, 2025
    risk 0.00cvss epss 0.00

    Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.

  • CVE-2023-21483Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.

  • CVE-2025-20951Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

  • CVE-2025-20895Feb 4, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

  • CVE-2024-34601Jul 2, 2024
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.

  • CVE-2024-20870May 7, 2024
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

  • CVE-2024-20825Feb 6, 2024
    risk 0.00cvss epss 0.00

    Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20824Feb 6, 2024
    risk 0.00cvss epss 0.00

    Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20823Feb 6, 2024
    risk 0.00cvss epss 0.00

    Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20822Feb 6, 2024
    risk 0.00cvss epss 0.00

    Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2023-42581Dec 5, 2023
    risk 0.00cvss epss 0.01

    Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

  • CVE-2023-42580Dec 5, 2023
    risk 0.00cvss epss 0.01

    Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

  • CVE-2023-30705Aug 10, 2023
    risk 0.00cvss epss 0.00

    Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

  • CVE-2023-21514May 26, 2023
    risk 0.00cvss epss 0.01

    Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

  • CVE-2023-21516May 26, 2023
    risk 0.00cvss epss 0.01

    XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

  • CVE-2023-21515May 26, 2023
    risk 0.00cvss epss 0.01

    InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Page 1 of 2