Total
447 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21015 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.0 MEDIUM |
|
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
|
|||||
| CVE-2025-21014 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.3 MEDIUM |
|
Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
|
|||||
| CVE-2025-20909 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.0 MEDIUM |
|
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.
|
|||||
| CVE-2025-20991 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 4.0 MEDIUM |
|
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
|
|||||
| CVE-2025-20992 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 4.0 MEDIUM |
|
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20993 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 4.0 MEDIUM |
|
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-20989 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.2 MEDIUM |
|
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
|
|||||
| CVE-2025-20988 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20987 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.2 MEDIUM |
|
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.
|
|||||
| CVE-2025-20985 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.5 MEDIUM |
|
Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
|
|||||
| CVE-2025-20981 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 6.2 MEDIUM |
|
Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.
|
|||||
| CVE-2026-20977 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
|
|||||
| CVE-2026-20978 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.1 MEDIUM |
|
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
|
|||||
| CVE-2026-20983 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 7.8 HIGH |
|
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
|
|||||
| CVE-2026-20982 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.0 MEDIUM |
|
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
|
|||||
| CVE-2026-20981 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.6 MEDIUM |
|
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.
|
|||||
| CVE-2026-20979 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 7.8 HIGH |
|
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
|
|||||
| CVE-2026-20980 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.8 MEDIUM |
|
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
|
|||||
| CVE-2025-20903 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 7.3 HIGH |
|
Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-20908 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.5 MEDIUM |
|
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.
|
|||||
| CVE-2025-20941 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.2 MEDIUM |
|
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.
|
|||||
| CVE-2025-20942 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 4.4 MEDIUM |
|
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.
|
|||||
| CVE-2025-20943 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.4 MEDIUM |
|
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.
|
|||||
| CVE-2025-20944 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.2 MEDIUM |
|
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20947 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-20948 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20938 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.
|
|||||
| CVE-2025-20952 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.5 MEDIUM |
|
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
|
|||||
| CVE-2026-20974 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 4.6 MEDIUM |
|
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
|
|||||
| CVE-2026-20973 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.3 MEDIUM |
|
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
|
|||||
| CVE-2024-49422 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.2 MEDIUM |
|
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-20966 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2025-20967 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 5.1 MEDIUM |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
|
|||||
| CVE-2025-20968 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 7.2 HIGH |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
|
|||||
| CVE-2025-20969 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 5.5 MEDIUM |
|
Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
|
|||||
| CVE-2023-21477 | 1 Samsung | 1 Android | 2026-01-28 | N/A | 7.9 HIGH |
|
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
|
|||||
| CVE-2023-21479 | 1 Samsung | 2 Android, Smart Suggestions | 2026-01-28 | N/A | 5.3 MEDIUM |
|
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
|
|||||
| CVE-2025-20936 | 1 Samsung | 1 Android | 2026-01-22 | N/A | 8.8 HIGH |
|
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
|
|||||
| CVE-2026-20969 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2026-20972 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 3.3 LOW |
|
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
|
|||||