Samsung Galaxy Store
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Samsung Galaxy Store.
By the Year
In 2025 there have been 0 vulnerabilities in Samsung Galaxy Store. Last year, in 2024 Galaxy Store had 5 security vulnerabilities published. Right now, Galaxy Store is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 5 | 5.46 |
2023 | 8 | 7.99 |
2022 | 8 | 6.90 |
2021 | 1 | 5.50 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Galaxy Store vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Galaxy Store Security Vulnerabilities
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0
CVE-2024-34601
5.3 - Medium
- July 02, 2024
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6
CVE-2024-20822
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6
CVE-2024-20823
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6
CVE-2024-20824
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6
CVE-2024-20825
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4
CVE-2023-42580
9.8 - Critical
- December 05, 2023
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4
CVE-2023-42581
7.5 - High
- December 05, 2023
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?
CVE-2023-30705
5.5 - Medium
- August 10, 2023
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.
AuthZ
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8
CVE-2023-21516
9.6 - Critical
- May 26, 2023
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
XSS
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8
CVE-2023-21514
8.8 - High
- May 26, 2023
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Improper Input Validation
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8
CVE-2023-21515
8.8 - High
- May 26, 2023
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8
CVE-2023-21433
7.8 - High
- February 09, 2023
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
Incorrect Default Permissions
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8
CVE-2023-21434
6.1 - Medium
- February 09, 2023
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
XSS
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33708
7.8 - High
- July 12, 2022
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33709
7.8 - High
- July 12, 2022
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33710
7.8 - High
- July 12, 2022
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8
CVE-2022-28791
5.5 - Medium
- May 03, 2022
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.
Improper Input Validation
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5
CVE-2022-28542
5.5 - Medium
- April 11, 2022
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
AuthZ
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5
CVE-2022-28544
5.5 - Medium
- April 11, 2022
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
Directory traversal
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4
CVE-2022-28776
7.8 - High
- April 11, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5
CVE-2022-22288
7.5 - High
- January 10, 2022
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4
CVE-2021-25499
5.5 - Medium
- October 06, 2021
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Galaxy Store or by Samsung? Click the Watch button to subscribe.