Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-45347 | An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device. | 9.6 | 0.19% | 2025-06-23 | 2026-06-17 |
| CVE-2024-45361 | A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information. | 6.5 | 0.15% | 2025-03-27 | 2026-06-17 |
| CVE-2024-45356 | A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | 7.3 | 0.13% | 2025-03-27 | 2026-06-17 |
| CVE-2024-45355 | A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods. | 5.5 | 0.12% | 2025-03-27 | 2026-06-17 |
| CVE-2024-45354 | A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | 4.3 | 0.16% | 2025-03-27 | 2026-06-17 |
| CVE-2024-45353 | An intent redriction vulnerability exists in the Xiaomi quick App framework application product. The vulnerability is caused by improper input validation and can be exploited by attackers tointent redriction. | 4.3 | 0.13% | 2025-03-27 | 2026-06-17 |
| CVE-2024-45352 | An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | 8.8 | 0.25% | 2025-03-26 | 2026-06-17 |
| CVE-2024-45351 | A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | 7.8 | 0.15% | 2025-03-26 | 2026-06-17 |
| CVE-2024-45348 | Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. | 6.4 | 0.75% | 2024-09-23 | 2026-06-17 |
| CVE-2023-26324 | A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | 8.8 | 0.60% | 2024-08-28 | 2026-06-17 |
| CVE-2023-26323 | A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. | 7.6 | 0.59% | 2024-08-28 | 2026-06-17 |
| CVE-2023-26322 | A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | 8.8 | 0.73% | 2024-08-28 | 2026-06-17 |
| CVE-2023-26321 | A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file. | 6.3 | 0.49% | 2024-08-28 | 2026-06-17 |
| CVE-2024-45346 | The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | 8.8 | 0.45% | 2024-08-28 | 2026-06-17 |
| CVE-2023-26315 | The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. | 6.5 | 18.64% | 2024-08-26 | 2026-06-17 |
| CVE-2023-26320 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 7.5 | 0.97% | 2023-10-11 | 2026-06-17 |
| CVE-2023-26319 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 6.7 | 0.88% | 2023-10-11 | 2026-06-17 |
| CVE-2023-26318 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | 6.7 | 0.52% | 2023-10-11 | 2026-06-17 |
| CVE-2023-26317 | Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. | 7.0 | 0.95% | 2023-08-02 | 2026-06-17 |
| CVE-2023-26316 | A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. | 6.1 | 0.31% | 2023-08-02 | 2026-06-17 |