VYPR

Samsung Members

by Samsung Mobile

CVEs (16)

  • CVE-2018-11614 · High · Sep 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2026-21037 · Medium · Jun 5, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access an arbitrary URL and launch an arbitrary activity with Samsung Members privilege.

  • CVE-2021-25374 · Apr 9, 2021
    risk 0.01 · cvss n/a · epss 0.03

    An improper authorization vulnerability in the Samsung Members "samsungrewards" deeplink scheme in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account.

  • CVE-2026-20986 · Feb 4, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.

  • CVE-2026-20985 · Feb 4, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect to an arbitrary URL and launch an arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

  • CVE-2025-21079 · Nov 5, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect to an arbitrary URL and launch an arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

  • CVE-2025-20949 · May 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary files with the privilege of Samsung Members.

  • CVE-2025-20898 · Feb 4, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.

  • CVE-2023-30703 · Aug 10, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.

  • CVE-2022-36877 · Sep 9, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

  • CVE-2022-30748 · Jun 7, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows an attacker to launch an arbitrary activity.

  • CVE-2022-28777 · Apr 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows a local attacker to execute the call function without CALL_PHONE permission.

  • CVE-2021-25439 · Jul 8, 2021
    risk 0.00 · cvss n/a · epss 0.00

    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

  • CVE-2021-25438 · Jul 8, 2021
    risk 0.00 · cvss n/a · epss 0.02

    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

  • CVE-2021-25432 · Jul 8, 2021
    risk 0.00 · cvss n/a · epss 0.00

    Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

  • CVE-2021-25343 · Mar 4, 2021
    risk 0.00 · cvss n/a · epss 0.00

    Calling of a non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions, including a denial of service attack, by hijacking the provider.