Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10952 matches found

NVD
NVDadded 2023/09/11 10:15 a.m.13 views

CVE-2023-3612

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

8.8CVSS8.3AI score0.00448EPSS
Exploits0References1
Prion
Prionadded 2023/09/11 10:15 a.m.175 views

Code injection

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

6.8CVSS8.5AI score0.00448EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/09/11 9:4 a.m.13 views

CVE-2023-3612 Unprotected WebView access in Govee Home App

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

8.2CVSS6.8AI score0.00448EPSS
Exploits0References1
CVE
CVEadded 2023/09/11 9:4 a.m.46 views

CVE-2023-3612

The CVE-2023-3612 issue affects the Govee Home app, where unprotected access to the WebView component allows any app on the device to open WebView. A crafted URL can enable JavaScript execution in the WebView context or display phishing content to steal sensitive data. Documented impact includes ...

8.8CVSS8.3AI score0.00448EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/09/11 9:4 a.m.15 views

CVE-2023-3612 Unprotected WebView access in Govee Home App

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...

8.2CVSS8.8AI score0.00448EPSS
Exploits0References1
OSV
OSVadded 2023/09/11 8:15 a.m.2 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

9.8CVSS6.1AI score0.01986EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2023/09/11 8:15 a.m.1 views

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

9.8CVSS7.6AI score0.01419EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2023/09/11 8:15 a.m.2 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

9.8CVSS7.5AI score0.01986EPSS
Exploits1References4
OSV
OSVadded 2023/09/11 8:15 a.m.4 views

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

9.8CVSS6.1AI score0.01419EPSS
Exploits1References3
NVD
NVDadded 2023/09/11 8:15 a.m.13 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

9.8CVSS9.4AI score0.01986EPSS
Exploits1References3
Prion
Prionadded 2023/09/11 8:15 a.m.22 views

Design/Logic Flaw

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

7.5CVSS8.9AI score0.01419EPSS
Exploits1References3Affected Software1
Prion
Prionadded 2023/09/11 8:15 a.m.18 views

Remote code execution

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

7.5CVSS9.1AI score0.01986EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2023/09/11 12:0 a.m.10 views

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

7.5AI score0.01419EPSS
Exploits1References3
Cvelist
Cvelistadded 2023/09/11 12:0 a.m.25 views

CVE-2023-42471

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...

9.3AI score0.01419EPSS
Exploits1References3
CNNVD
CNNVDadded 2023/09/11 12:0 a.m.3 views

Govee Home Security Breach

Govee Home is a software application. Govee Home contains a security vulnerability that stems from the fact that the WebView component can be opened by any application on the device, and by sending the URL to a specially crafted website, an attacker can execute JavaScript in the WebView context o...

8.8CVSS6.8AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2023/09/11 12:0 a.m.3 views

PT-2023-25434 · Govee · Govee Home

Name of the Vulnerable Software and Affected Versions: Govee Home app affected versions not specified Description: The Govee Home app has unprotected access to the WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, an attacker can execut...

8.8CVSS8.6AI score0.00448EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2023/09/11 12:0 a.m.3 views

PT-2023-28361 · Unknown · Wave.Ai.Browser

Name of the Vulnerable Software and Affected Versions: wave.ai.browser application through 1.0.35 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the...

9.8CVSS9.5AI score0.01419EPSS
Exploits1References7
Positive Technologies
Positive Technologiesadded 2023/09/11 12:0 a.m.4 views

PT-2023-28360 · Imou Life · Imou Life

Name of the Vulnerable Software and Affected Versions: Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android Description: The issue allows Remote Code Execution via a crafted intent to an exported component, specifically relating to the com.mm.android.easy4ip.MainActivity...

9.8CVSS9.5AI score0.01986EPSS
Exploits1References8
CVE
CVEadded 2023/09/11 12:0 a.m.45 views

CVE-2023-42470

The CVE-2023-42470 entry concerns the Imou Life app (com.mm.android.smartlifeiot) for Android, version up to 6.8.0. The underlying issue is Remote Code Execution via a crafted intent to an exported component, specifically com.mm.android.easy4ip.MainActivity. The vulnerability is facilitated by a ...

9.8CVSS9.2AI score0.01986EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2023/09/11 12:0 a.m.23 views

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

9.6AI score0.01986EPSS
Exploits1References3
Rows per page
Query Builder