Every CVE whose affected-product data names Samsung Members, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2021-25374 — CVSS 8.6 (high): An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and…
CVE-2021-25438 — CVSS 7.8 (high): Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android…
CVE-2025-21079 — CVSS 7.1 (high): Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch…
CVE-2026-21037 — CVSS 7.1 (high): Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary…
CVE-2026-20986 — CVSS 5.5 (medium): Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.
CVE-2025-20949 — CVSS 5.1 (medium): Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the…
CVE-2025-20898 — CVSS 4.6 (medium): Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user…
CVE-2022-28777 — CVSS 4.3 (medium): Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without…
CVE-2026-20985 — CVSS 4.3 (medium): Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch…
CVE-2021-25342 — CVSS 4.0 (medium): Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by…
CVE-2021-25343 — CVSS 4.0 (medium): Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android…
CVE-2022-30748 — CVSS 4.0 (medium): Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
CVE-2023-30703 — CVSS 3.3 (low): Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.
CVE-2021-25439 — CVSS 3.3 (low): Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android…