980
CVEs
114
Critical
354
High
4
KEV
120
PoC
446
Unpatched C/H
4.8%
Patch Rate
1.4%
Avg EPSS
Severity Breakdown
CRITICAL
114
HIGH
354
MEDIUM
439
LOW
71
Monthly CVE Trend
Affected Products (30)
Android
205
Exynos 1380 Firmware
106
Exynos 1280 Firmware
100
Exynos 980 Firmware
95
Exynos 1080 Firmware
81
Exynos 1330 Firmware
80
Exynos 850 Firmware
78
Exynos 1480 Firmware
77
Exynos 2200 Firmware
74
Exynos 2400 Firmware
66
Exynos W920 Firmware
60
Notes
57
Exynos 2100 Firmware
52
Exynos W930 Firmware
50
Sth Eth 250 Firmware
40
Exynos Modem 5300 Firmware
38
Exynos 9110 Firmware
37
Exynos Modem 5123 Firmware
36
Exynos 990 Firmware
36
Exynos W1000 Firmware
33
Exynos 1580 Firmware
32
Account
28
Samsung Mobile
27
Internet
26
Exynos 9820 Firmware
23
Exynos Auto T5123 Firmware
21
Linux Kernel
17
Exynos 2500 Firmware
16
Exynos 9825 Firmware
15
Mtower
13
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-7399 | Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place attacker-controlled files anywhere on the server filesystem via a path traversal flaw. The issue is confirmed actively exploited (CISA KEV) with publicly available exploit code and an EPSS score of 71% (99th percentile), making it one of the highest-priority remediation items currently tracked. | HIGH | 8.8 | 71.0% | 200 |
KEV
PoC
No patch
|
| CVE-2025-4632 | Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise. | CRITICAL | 9.8 | 49.2% | 168 |
KEV
PoC
|
| CVE-2012-4333 | Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.4%. | CRITICAL | 10.0 | 69.4% | 154 |
PoC
No patch
|
| CVE-2017-16524 | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%. | HIGH | 8.8 | 74.7% | 154 |
PoC
No patch
|
| CVE-2015-8279 | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.9%. | HIGH | 8.6 | 67.9% | 146 |
PoC
No patch
|
| CVE-2017-17692 | Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%. | HIGH | 7.5 | 67.5% | 125 |
PoC
No patch
|
| CVE-2012-6429 | Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%. | CRITICAL | 10.0 | 49.9% | 120 |
PoC
No patch
|
| CVE-2012-4329 | The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%. | HIGH | 7.8 | 54.1% | 113 |
PoC
No patch
|
| CVE-2012-4330 | The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%. | HIGH | 7.8 | 51.1% | 110 |
PoC
No patch
|
| CVE-2012-4334 | The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%. | CRITICAL | 10.0 | 28.6% | 99 |
PoC
No patch
|
| CVE-2015-5473 | Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.9% and no vendor patch available. | CRITICAL | 9.8 | 46.9% | 96 |
No patch
|
| CVE-2012-4250 | Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.2%. | CRITICAL | 9.3 | 25.2% | 92 |
PoC
No patch
|
| CVE-2012-2619 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%. | HIGH | 7.8 | 26.5% | 86 |
PoC
No patch
|
| CVE-2015-0555 | Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%. | MEDIUM | 6.8 | 24.9% | 79 |
PoC
No patch
|
| CVE-2015-7893 | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%. | HIGH | 8.8 | 13.6% | 78 |
PoC
No patch
|