Skip to main content

Samsung

980 CVEs vendor

Monthly

CVE-2025-58346 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 980 Firmware Exynos 1280 Firmware Exynos 1380 Firmware +8
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58345 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 1080 Firmware Exynos W920 Firmware Exynos 1380 Firmware +8
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58344 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 1280 Firmware Exynos 980 Firmware Exynos 1580 Firmware +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58343 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 1580 Firmware Exynos 1080 Firmware Exynos 1380 Firmware +8
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58342 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 1480 Firmware Exynos 980 Firmware Exynos 1080 Firmware +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58341 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 980 Firmware Exynos W930 Firmware Exynos 850 Firmware +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58340 MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 980 Firmware Exynos 1080 Firmware Exynos 850 Firmware +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-71143 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds.

Linux Samsung Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20976 HIGH This Week

Galaxy Store versions up to 4.6.02 contains a vulnerability that allows attackers to execute arbitrary script (CVSS 7.8).

RCE Samsung Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20975 MEDIUM This Month

Cloud versions up to 5.6.11 contains a vulnerability that allows attackers to access specific files in arbitrary path (CVSS 5.5).

Samsung Cloud
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-53966 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message. [CVSS 8.4 HIGH]

Samsung Buffer Overflow Exynos 1380 Firmware Exynos 1580 Firmware Exynos 1480 Firmware +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-52517 MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. [CVSS 5.9 MEDIUM]

Samsung Denial Of Service Race Condition Exynos 1330 Firmware Exynos 1480 Firmware +4
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-52516 MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service. [CVSS 6.2 MEDIUM]

Samsung Linux Denial Of Service Exynos 1330 Firmware Exynos 1480 Firmware +4
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-52515 MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service. [CVSS 5.1 MEDIUM]

Samsung Denial Of Service Race Condition Exynos 2400 Firmware Exynos 2500 Firmware +4
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-49495 HIGH This Week

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow. [CVSS 8.4 HIGH]

Samsung Buffer Overflow Exynos 1580 Firmware Exynos 1380 Firmware Exynos 2400 Firmware +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-43706 HIGH This Week

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service. [CVSS 7.5 HIGH]

Samsung Denial Of Service Exynos 990 Firmware Exynos 850 Firmware Modem 5400 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27807 CRITICAL Act Now

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write via malformed NAS (Non-Access Stratum) packets. This baseband vulnerability can be exploited over the cellular network without user interaction, potentially affecting millions of devices.

Samsung Exynos 1080 Firmware Modem 5300 Firmware Exynos 2200 Firmware Exynos 980 Firmware +15
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-57836 HIGH This Week

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. [CVSS 7.8 HIGH]

Samsung Windows Magician
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-52519 HIGH This Week

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. [CVSS 7.1 HIGH]

Samsung Denial Of Service Information Disclosure Exynos 1580 Firmware Exynos 2500 Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-54326 HIGH This Week

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Null Pointer Dereference Samsung Denial Of Service Exynos 2200 Firmware Exynos 1280 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53965 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.

Buffer Overflow Samsung Modem 5300 Firmware Exynos 2200 Firmware Exynos 1280 Firmware +15
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58487 MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-58486 MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-58485 MEDIUM This Month

A security vulnerability in Samsung Internet (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Samsung Code Injection Internet
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58484 MEDIUM This Month

A security vulnerability in Samsung Cloud Assistant (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-58483 MEDIUM This Month

A security vulnerability in Galaxy Store for Galaxy Watch (CVSS 5.9) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Galaxy Store Android Samsung
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-21080 MEDIUM This Month

A security vulnerability in Dynamic Lockscreen (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android Samsung
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21079 HIGH This Month

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Members
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21077 LOW Monitor

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21076 MEDIUM This Month

Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54335 MEDIUM This Month

An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Information Disclosure Use After Free Exynos 1480 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52910 CRITICAL This Week

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Use After Free Privilege Escalation Exynos 1280 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27374 MEDIUM This Month

An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9825 Firmware Exynos 9820 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-56426 HIGH This Month

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 1080 Firmware Exynos 1280 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54327 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1280 Firmware Exynos 1380 Firmware Exynos 2200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49494 HIGH This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Modem 5123 Firmware Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54334 HIGH This Month

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1280 Firmware Exynos 1380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52513 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Samsung Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52512 HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samsung Information Disclosure Exynos 1580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54333 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54325 MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1080 Firmware Exynos 1280 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54332 HIGH This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54331 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54330 MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Exynos 1380 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-54329 HIGH This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow Exynos 1280 Firmware Exynos 1330 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54323 HIGH This Month

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1080 Firmware Exynos 1280 Firmware Exynos 1330 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-53542 MEDIUM PATCH This Month

CVE-2023-53542 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Samsung Information Disclosure Linux Red Hat Suse +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39801 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Samsung Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39788 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Memory Corruption Buffer Overflow Google Samsung
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21041 MEDIUM This Month

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21038 MEDIUM This Month

Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sassistant Samsung
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-21037 MEDIUM Monitor

Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-21036 MEDIUM This Month

Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-21035 MEDIUM Monitor

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Calendar Android
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-21030 MEDIUM Monitor

Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-21482 MEDIUM This Month

Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Camera Android Samsung
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-21481 MEDIUM This Month

Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-21479 MEDIUM This Month

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Smart Suggestions Samsung
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-21473 MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21472 MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21470 MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-21469 MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-21467 MEDIUM This Month

Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. Rated medium severity (CVSS 4.6). No vendor patch available.

Authentication Bypass Samsung Exynos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-32100 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Buffer Overflow Information Disclosure Exynos 980 Firmware Exynos 990 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32098 MEDIUM This Month

An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Microsoft Privilege Escalation Magician Windows
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-21024 LOW Monitor

Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21023 LOW Monitor

Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21019 MEDIUM This Month

Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21016 MEDIUM Monitor

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21014 MEDIUM Monitor

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21010 MEDIUM This Month

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-45183 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow Exynos 2100 Firmware Exynos 2200 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-21009 MEDIUM This Month

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21008 MEDIUM This Month

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21007 MEDIUM This Month

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Buffer Overflow Memory Corruption Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21006 HIGH This Week

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android Samsung
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-21005 MEDIUM This Month

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20998 MEDIUM This Month

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47202 CRITICAL Act Now

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads to out-of-bounds writes.

Samsung Buffer Overflow Memory Corruption Exynos W930 Firmware Exynos 2100 Firmware +17
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-26780 HIGH This Week

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.

Samsung Denial Of Service Modem 5400 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-53076 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Information Disclosure Samsung Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53074 CRITICAL PATCH Act Now

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Samsung Information Disclosure Buffer Overflow Ubuntu Debian +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53075 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Samsung Path Traversal Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0634 CRITICAL PATCH Act Now

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Samsung Use After Free Memory Corruption Denial Of Service Ubuntu +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-23106 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1480 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23101 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1380 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23096 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 2200 Firmware Exynos 1380 Firmware Exynos 2400 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23095 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 1480 Firmware Exynos 2400 Firmware Exynos 1280 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20996 MEDIUM This Month

A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Smart Switch
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-20995 MEDIUM This Month

A arbitrary file access vulnerability in ClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.9) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
4.9
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 980 Firmware +10
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 1080 Firmware +10
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 1280 Firmware +10
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 5.5).

Samsung Linux Exynos 1580 Firmware +10
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 1480 Firmware +10
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 980 Firmware +10
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Exynos 980 Firmware versions up to - is affected by allocation of resources without limits or throttling (CVSS 6.2).

Samsung Linux Exynos 980 Firmware +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds.

Linux Samsung Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Galaxy Store versions up to 4.6.02 contains a vulnerability that allows attackers to execute arbitrary script (CVSS 7.8).

RCE Samsung Galaxy Store
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Cloud versions up to 5.6.11 contains a vulnerability that allows attackers to access specific files in arbitrary path (CVSS 5.5).

Samsung Cloud
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message. [CVSS 8.4 HIGH]

Samsung Buffer Overflow Exynos 1380 Firmware +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. [CVSS 5.9 MEDIUM]

Samsung Denial Of Service Race Condition +6
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service. [CVSS 6.2 MEDIUM]

Samsung Linux Denial Of Service +6
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service. [CVSS 5.1 MEDIUM]

Samsung Denial Of Service Race Condition +6
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow. [CVSS 8.4 HIGH]

Samsung Buffer Overflow Exynos 1580 Firmware +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service. [CVSS 7.5 HIGH]

Samsung Denial Of Service Exynos 990 Firmware +10
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write via malformed NAS (Non-Access Stratum) packets. This baseband vulnerability can be exploited over the cellular network without user interaction, potentially affecting millions of devices.

Samsung Exynos 1080 Firmware Modem 5300 Firmware +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. [CVSS 7.8 HIGH]

Samsung Windows Magician
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. [CVSS 7.1 HIGH]

Samsung Denial Of Service Information Disclosure +6
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Null Pointer Dereference Samsung Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.

Buffer Overflow Samsung Modem 5300 Firmware +17
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability in Samsung Internet (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Samsung Code Injection Internet
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

A security vulnerability in Samsung Cloud Assistant (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A security vulnerability in Galaxy Store for Galaxy Watch (CVSS 5.9) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Galaxy Store Android +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

A security vulnerability in Dynamic Lockscreen (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Members
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Information Disclosure +5
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Use After Free +7
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung +11
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung +14
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1280 Firmware +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Modem 5123 Firmware +7
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +7
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samsung +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure +11
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1380 Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow +18
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 1080 Firmware +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2023-53542 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Samsung Information Disclosure Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Samsung Information Disclosure Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sassistant Samsung
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Calendar +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Camera Android +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Smart Suggestions +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. Rated medium severity (CVSS 6.8). No vendor patch available.

Samsung RCE Android
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. Rated medium severity (CVSS 4.6). No vendor patch available.

Authentication Bypass Samsung Exynos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Buffer Overflow Information Disclosure +19
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Microsoft Privilege Escalation +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow +7
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Buffer Overflow Memory Corruption Android +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

Information Disclosure Android Samsung
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os Samsung
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, the lack of a length check leads to out-of-bounds writes.

Samsung Buffer Overflow Memory Corruption +19
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.

Samsung Denial Of Service Modem 5400 Firmware +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Information Disclosure Samsung Ubuntu +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Samsung Information Disclosure Buffer Overflow +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Samsung Path Traversal Ubuntu +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Samsung Use After Free Memory Corruption +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 2200 Firmware +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

Privilege Escalation Samsung Exynos 1480 Firmware +4
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Smart Switch
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A arbitrary file access vulnerability in ClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.9) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Internet
NVD
Prev Page 2 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy