Samsung: Security Vulnerabilities
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover
This issue affects MagicINFO 9 Server: less than 21.1090.1.
CVSS Score
9.8
EPSS Score
0.005
Published
2026-02-02
Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
CVSS Score
2.1
EPSS Score
0.001
Published
2026-01-09
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-01-09
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.002
Published
2026-01-09
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
CVSS Score
2.3
EPSS Score
0.002
Published
2026-01-09
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
CVSS Score
6.8
EPSS Score
0.001
Published
2026-01-09
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-01-09
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
CVSS Score
4.8
EPSS Score
0.001
Published
2026-01-09
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
CVSS Score
5.3
EPSS Score
0.004
Published
2026-01-09
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
CVSS Score
5.2
EPSS Score
0.002
Published
2026-01-09