Internet
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10496 | Hig | 0.57 | 8.8 | 0.02 | Sep 24, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious… | ||
| CVE-2021-25418 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2021 | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||
| CVE-2021-25400 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2021 | Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | ||
| CVE-2024-20838 | Med | 0.44 | 6.8 | 0.00 | Mar 5, 2024 | Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. | ||
| CVE-2023-30674 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2023 | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | ||
| CVE-2022-22290 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2022 | Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | ||
| CVE-2021-25466 | Med | 0.42 | 6.5 | 0.01 | Sep 9, 2021 | Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | ||
| CVE-2021-25419 | Med | 0.42 | 6.5 | 0.01 | Jun 11, 2021 | Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | ||
| CVE-2026-21036 | Med | 0.41 | — | 0.00 | Jun 5, 2026 | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | ||
| CVE-2021-25520 | Med | 0.38 | 5.9 | 0.00 | Dec 8, 2021 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||
| CVE-2022-22284 | Med | 0.37 | 5.7 | 0.00 | Jan 10, 2022 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | ||
| CVE-2024-20869 | Med | 0.36 | 5.5 | 0.00 | May 7, 2024 | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | ||
| CVE-2024-20829 | Med | 0.35 | 5.4 | 0.00 | Mar 5, 2024 | Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. | ||
| CVE-2021-25445 | Med | 0.35 | 5.3 | 0.01 | Aug 5, 2021 | Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. | ||
| CVE-2024-20837 | Med | 0.34 | 5.3 | 0.00 | Mar 5, 2024 | Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. | ||
| CVE-2025-20995 | Med | 0.32 | 4.9 | 0.00 | Jun 4, 2025 | Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. | ||
| CVE-2025-20994 | Med | 0.29 | 4.5 | 0.00 | Jun 4, 2025 | Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files. | ||
| CVE-2022-39873 | Med | 0.28 | 4.3 | 0.00 | Oct 7, 2022 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | ||
| CVE-2022-30738 | Med | 0.28 | 4.3 | 0.01 | Jun 7, 2022 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | ||
| CVE-2022-30740 | Med | 0.27 | 4.1 | 0.00 | Jun 7, 2022 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…
- risk 0.51cvss 7.8epss 0.00
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
- risk 0.51cvss 7.8epss 0.00
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
- risk 0.44cvss 6.8epss 0.00
Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
- risk 0.42cvss 6.5epss 0.01
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
- risk 0.42cvss 6.5epss 0.01
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
- risk 0.42cvss 6.5epss 0.01
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
- risk 0.41cvss —epss 0.00
Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
- risk 0.38cvss 5.9epss 0.00
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
- risk 0.37cvss 5.7epss 0.00
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication
- risk 0.36cvss 5.5epss 0.00
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.
- risk 0.35cvss 5.4epss 0.00
Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
- risk 0.35cvss 5.3epss 0.01
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
- risk 0.34cvss 5.3epss 0.00
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
- risk 0.32cvss 4.9epss 0.00
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
- risk 0.29cvss 4.5epss 0.00
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
- risk 0.28cvss 4.3epss 0.00
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
- risk 0.28cvss 4.3epss 0.01
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
- risk 0.27cvss 4.1epss 0.00
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
Page 1 of 2