Every CVE whose affected-product data names Kaiostech Kaios, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-33294 — CVSS 9.8 (critical): An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and…
CVE-2019-7386 — CVSS 6.5 (medium): A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a…
CVE-2019-14758 — CVSS 6.1 (medium): An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection…
CVE-2019-14756 — CVSS 6.1 (medium): An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection…
CVE-2019-14757 — CVSS 6.1 (medium): An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection…
CVE-2023-27108 — CVSS 5.3 (medium): An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log…
CVE-2023-33293 — CVSS 5.3 (medium): An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains…
CVE-2019-14761 — CVSS 4.4 (medium): An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local…
CVE-2019-14760 — CVSS 4.4 (medium): An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A…
CVE-2019-14759 — CVSS 4.4 (medium): An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection…