Samsung Galaxy_store
31 CVEs affecting Samsung Galaxy_store. Latest disclosed: 2026-03-16. Critical: 0, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-20976 | High | 7.8 | 2026-01-09 | Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. |
| CVE-2023-21433 | High | 7.8 | 2023-02-09 | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. |
| CVE-2022-33710 | High | 7.8 | 2022-07-12 | Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Gal… |
| CVE-2022-33709 | High | 7.8 | 2022-07-12 | Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy… |
| CVE-2022-33708 | High | 7.8 | 2022-07-12 | Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy… |
| CVE-2023-42581 | High | 7.5 | 2023-12-05 | Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. |
| CVE-2023-42580 | High | 7.5 | 2023-12-05 | Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy… |
| CVE-2023-21516 | High | 7.5 | 2023-05-26 | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. |
| CVE-2023-21515 | High | 7.5 | 2023-05-26 | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript AP… |
| CVE-2023-21514 | High | 7.5 | 2023-05-26 | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from G… |
| CVE-2022-22288 | High | 7.5 | 2022-01-10 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. |
| CVE-2021-25499 | High | 7.1 | 2021-10-06 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Gal… |
| CVE-2023-30705 | Medium | 6.8 | 2023-08-10 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Stor… |
| CVE-2022-28542 | Medium | 6.8 | 2022-04-11 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Stor… |
| CVE-2023-21483 | Medium | 6.4 | 2025-09-03 | Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. |
| CVE-2023-21434 | Medium | 6.2 | 2023-02-09 | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. |
| CVE-2022-28791 | Medium | 6.2 | 2022-05-03 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path… |
| CVE-2022-28544 | Medium | 6.2 | 2022-04-11 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy… |
| CVE-2025-58483 | Medium | 5.9 | 2025-12-02 | Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary applic… |
| CVE-2024-34601 | Medium | 5.9 | 2024-07-02 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activi… |