CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

EUVD-2021-12395

Malware in sbrugna...

EUVD-2023-48488

Malicious code in bioql PyPI...

EUVD-2023-25634

Malicious code in bioql PyPI...

CVE-2023-44129

Summary: CVE-2023-44129 affects LG-patched Android Messaging (com.android.mms) via the exported activity com.android.mms.ui.QClipIntentReceiverActivity. An attacker can trigger the activity, broadcast the action com.lge.message.action.QCLIP, and send their own data with Intent.FLAG_GRANT_*; the p...

CVE-2021-25499

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store...

LG mobile 安全漏洞

LG mobile is a line of mobile device products from LG. A security vulnerability exists in LG mobile devices with Android OS 4.4 through 11 software, which can be exploited by an attacker to bypass access controls for specific content providers using ISMS services...