Filtered by vendor Samsung
Subscribe
Total
1547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20988 | 1 Samsung | 1 Android | 2026-03-20 | N/A | 5.0 MEDIUM |
| Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. | |||||
| CVE-2026-20989 | 1 Samsung | 1 Android | 2026-03-20 | N/A | 2.4 LOW |
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. | |||||
| CVE-2026-20990 | 1 Samsung | 1 Android | 2026-03-20 | N/A | 8.1 HIGH |
| Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | |||||
| CVE-2026-20991 | 1 Samsung | 1 Android | 2026-03-20 | N/A | 4.4 MEDIUM |
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | |||||
| CVE-2026-20992 | 1 Samsung | 1 Android | 2026-03-20 | N/A | 3.3 LOW |
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | |||||
| CVE-2026-25202 | 1 Samsung | 1 Magicinfo 9 Server | 2026-03-10 | N/A | 9.8 CRITICAL |
| The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||||
| CVE-2026-25201 | 1 Samsung | 1 Magicinfo 9 Server | 2026-03-10 | N/A | 8.8 HIGH |
| An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||||
| CVE-2026-25200 | 1 Samsung | 1 Magicinfo 9 Server | 2026-03-10 | N/A | 9.8 CRITICAL |
| A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||||
| CVE-2025-62817 | 1 Samsung | 14 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 11 more | 2026-03-10 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. | |||||
| CVE-2025-62814 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2026-03-04 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. | |||||
| CVE-2025-62815 | 1 Samsung | 10 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 7 more | 2026-03-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. | |||||
| CVE-2025-66363 | 1 Samsung | 2 Exynos 2200, Exynos 2200 Firmware | 2026-03-04 | N/A | 7.5 HIGH |
| An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | |||||
| CVE-2025-62816 | 1 Samsung | 14 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 11 more | 2026-03-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. | |||||
| CVE-2026-20985 | 1 Samsung | 1 Members | 2026-02-25 | N/A | 4.3 MEDIUM |
| Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability. | |||||
| CVE-2026-20986 | 1 Samsung | 1 Members | 2026-02-25 | N/A | 5.5 MEDIUM |
| Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members. | |||||
| CVE-2025-21015 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.0 MEDIUM |
| Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | |||||
| CVE-2025-21014 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.3 MEDIUM |
| Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-20909 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.0 MEDIUM |
| Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-20991 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 4.0 MEDIUM |
| Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. | |||||
| CVE-2025-20992 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 4.0 MEDIUM |
| Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. | |||||