Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV catalog, a rate 2.2 times above the overall catalog average, which indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2026-21012 | MEDIUM | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system priv | EPSS 0.1%
CVE-2026-21032 | MEDIUM | Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attac | EPSS 0.1%
CVE-2022-39853 | MEDIUM | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | EPSS 0.1%
CVE-2026-21025 | MEDIUM | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2026-21022 | MEDIUM | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive informa | EPSS 0.1%
CVE-2021-25501 | MEDIUM | An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted appli | EPSS 0.1%
CVE-2026-21028 | MEDIUM | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2026-21031 | MEDIUM | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is r | EPSS 0.1%
CVE-2022-22263 | MEDIUM | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | EPSS 0.1%
CVE-2026-21029 | MEDIUM | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute | EPSS 0.1%
CVE-2021-25519 | MEDIUM | An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without p | EPSS 0.1%
CVE-2026-21033 | MEDIUM | Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local att | EPSS 0.1%
CVE-2026-21013 | MEDIUM | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2021-25460 | MEDIUM | An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate B | EPSS 0.1%
CVE-2026-21017 | MEDIUM | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privil | EPSS 0.1%
CVE-2026-21016 | MEDIUM | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | EPSS 0.1%
CVE-2026-21015 | MEDIUM | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | EPSS 0.1%
CVE-2025-58482 | HIGH | Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service. | EPSS 0.1%
CVE-2025-21060 | MEDIUM | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from appli | EPSS 0.1%
CVE-2022-27834 | LOW | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform | EPSS 0.1%