members · threatengine.sh

CVE-2026-20986

< 15.5.05.4

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Membe

5.5MEDIUM

CVE-2026-20985

< 5.6.00.11

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launc

4.3MEDIUM

CVE-2025-21079

< 5.5.01.3

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch

7.1HIGH

CVE-2025-20949

< 5.0.00.11

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with

5.1MEDIUM

CVE-2025-20898

< 5.2.00.12

Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple u

4.6MEDIUM

CVE-2023-30703

< 14.0.07.1

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive informati

3.3LOW

CVE-2022-30748

< 4.2.005

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.

4.0MEDIUM

CVE-2022-28777

< 13.6.08.5

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function

4.3MEDIUM

CVE-2021-25439

< 2.4.85.11

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in

3.3LOW

CVE-2021-25438

< 2.4.85.11

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in

7.8HIGH

CVE-2021-25374

<= 2.4.83.9

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(

8.6HIGH

CVE-2021-25343

< 2.4.81.13

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in And

4.0MEDIUM

CVE-2021-25342

< 2.4.81.13

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack

4.0MEDIUM

samsung members