Every CVE whose affected-product data names Samsung Galaxy Store, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2026-20976 — CVSS 7.8 (high): Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
CVE-2022-33708 — CVSS 7.8 (high): Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch…
CVE-2022-33709 — CVSS 7.8 (high): Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch…
CVE-2022-33710 — CVSS 7.8 (high): Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to…
CVE-2023-21433 — CVSS 7.8 (high): Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy…
CVE-2023-21516 — CVSS 7.5 (high): XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from…
CVE-2023-21515 — CVSS 7.5 (high): InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to…
CVE-2022-22288 — CVSS 7.5 (high): Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
CVE-2023-42581 — CVSS 7.5 (high): Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to…
CVE-2023-42580 — CVSS 7.5 (high): Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to…
CVE-2023-21514 — CVSS 7.5 (high): Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API…
CVE-2021-25499 — CVSS 7.1 (high): Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access…
CVE-2023-30705 — CVSS 6.8 (medium): Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content…
CVE-2022-28542 — CVSS 6.8 (medium): Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content…
CVE-2023-21483 — CVSS 6.4 (medium): Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using…
CVE-2022-28544 — CVSS 6.2 (medium): Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to…
CVE-2023-21434 — CVSS 6.2 (medium): Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching…
CVE-2022-28791 — CVSS 6.2 (medium): Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored…
CVE-2025-58483 — CVSS 5.9 (medium): Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to…
CVE-2024-34601 — CVSS 5.9 (medium): Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to…
CVE-2022-28776 — CVSS 5.9 (medium): Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store…
CVE-2026-21002 — CVSS 5.5 (medium): Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary…
CVE-2024-20822 — CVSS 5.5 (medium): Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access…
CVE-2024-20823 — CVSS 5.5 (medium): Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access…
CVE-2024-20824 — CVSS 5.5 (medium): Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive…
CVE-2024-20825 — CVSS 5.5 (medium): Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive…
CVE-2026-21000 — CVSS 5.5 (medium): Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2026-21001 — CVSS 5.5 (medium): Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
CVE-2024-20870 — CVSS 5.1 (medium): Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to…
CVE-2025-20951 — CVSS 5.1 (medium): Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to…
CVE-2025-20895 — CVSS 3.2 (low): Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary…