CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/08/28 8:15 a.m.•1 views

CVE-2023-26324

A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code...

9.8CVSS6.2AI score0.00066EPSS

Cvelist•added 2024/08/28 7:59 a.m.•14 views

CVE-2023-26322 GetApps application has code execution vulnerability

8.8CVSS0.00207EPSS

Cvelist•added 2024/08/28 6:44 a.m.•24 views

CVE-2024-45346 GetApps application has code execution vulnerability

The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly...

8.8CVSS0.00091EPSS

Vulnrichment•added 2024/08/28 6:44 a.m.•11 views

CVE-2024-45346 GetApps application has code execution vulnerability

8.8CVSS8.8AI score0.00091EPSS

CNNVD•added 2024/08/28 12:0 a.m.•3 views

Xiaomi GetApps 安全漏洞

Xiaomi GetApps is a global app store by the Chinese company Xiaomi. A code execution vulnerability exists in Xiaomi GetApps, which can be exploited by an attacker to execute arbitrary code...

9.8CVSS7.8AI score0.00207EPSS

CNNVD•added 2024/08/28 12:0 a.m.•2 views

Xiaomi GetApps 安全漏洞

Xiaomi GetApps is a global app store by Chinese company Xiaomi. It is used by developers to publish and distribute their apps to over 200 million users in 59 regions. A security vulnerability exists in Xiaomi GetApps that stems from authentication logic that can be bypassed...

8.8CVSS6.8AI score0.00091EPSS

CNNVD•added 2024/08/28 12:0 a.m.•2 views

Xiaomi GetApps 安全漏洞

9.8CVSS7AI score0.00066EPSS

The Hacker News•added 2024/05/06 10:3 a.m.•23 views

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...

8.1AI score

CNVD•added 2024/05/06 12:0 a.m.•12 views

Xiaomi GetApps Code Execution Vulnerability

Xiaomi GetApps is a global app store by the Chinese company Xiaomi. A code execution vulnerability exists in Xiaomi GetApps, which can be exploited by an attacker to execute arbitrary code...

9.8CVSS7.7AI score0.00207EPSS

OSV•added 2024/05/02 3:15 p.m.•2 views

CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the...

9.6CVSS6.2AI score0.70135EPSS

NVD•added 2024/05/02 3:15 p.m.•14 views

CVE-2024-4406

9.6CVSS8.7AI score0.70135EPSS

CVE•added 2024/05/02 3:2 p.m.•67 views

CVE-2024-4406

This CVE affects Xiaomi Pro 13 smartphones (GetApps) via the integral-dialog-page.html flaw. The root cause is improper sanitization when parsing the integralInfo parameter, enabling arbitrary script injection that can lead to remote code execution in the context of the current user. Exploitation...

9.6CVSS8.5AI score0.70135EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/05/02 3:2 p.m.•21 views

CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

8.8CVSS7.2AI score0.70135EPSS

Cvelist•added 2024/05/02 3:2 p.m.•14 views

CVE-2024-4406 Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.70135EPSS

Zero Day Initiative•added 2024/05/01 12:0 a.m.•26 views

(Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS7.4AI score0.70135EPSS

Zero Day Initiative•added 2020/03/12 12:0 a.m.•13 views

(Pwn2Own) Xiaomi GetApps Intent Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Xiaomi GetApps. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

5.3CVSS3.7AI score0.00207EPSS

Zero Day Initiative•added 2020/03/12 12:0 a.m.•19 views

(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...

5.5CVSS2.9AI score0.00207EPSS

OSV•added 2020/03/06 5:15 p.m.•1 views

CVE-2020-9530

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

6.5CVSS6.6AI score

NVD•added 2020/03/06 5:15 p.m.•11 views

CVE-2020-9530

6.5CVSS6.2AI score0.00502EPSS