87 matches found
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary: The mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details: The vulnerable code pass...
EUVD-2021-17098
Malware in sbrugna...
EUVD-2022-36764
Malicious code in bioql PyPI...
EUVD-2022-25404
Malicious code in bioql PyPI...
EUVD-2021-28301
Malicious code in bioql PyPI...
CVE-2025-10184
CVE-2025-10184 (OnePlus OxygenOS Telephony provider permission bypass) affects OnePlus OxygenOS on multiple devices, via three content providers: com.android.providers.telephony.PushMessageProvider, PushShopProvider and ServiceNumberProvider. Root cause: missing write permissions on these provide...
OnePlus OxygenOS Security Vulnerability
OnePlus OxygenOS is a smartphone operating system from Chinese company OnePlus. A security vulnerability exists in OnePlus OxygenOS, which stems from a lack of write access to multiple content providers and SQL injection in the update method of these providers, which could lead to the disclosure ...
PT-2025-39169
Name of the Vulnerable Software and Affected Versions OnePlus OxygenOS versions 12 through 15 Description A critical security issue exists in OnePlus devices running OxygenOS 12 through 15. This flaw allows any installed application to read SMS/MMS data and metadata from the system Telephony...
Network-Level Censorship Attacks in the InterPlanetary File System
The InterPlanetary File System (IPFS) has been successfully established as the de facto standard for decentralized data storage in the emerging Web3. Despite its decentralized nature, IPFS nodes, as well as IPFS content providers, have converged to centralization in large public clouds...
CVE-2023-21466
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission...
CVE-2023-21466
CVE-2023-21466 is a PendingIntent hijacking vulnerability in the CertificatePolicy component of the Android framework on Samsung devices, prior to SMR Apr-2023 Release 1. It allows local attackers to access a contentProvider without proper permission. Affected: CertificatePolicy in framework; imp...
Akamai and Bitmovin: Revolutionizing Live and On-Demand Video Streaming
Discover how Akamai and Bitmovin’s partnership reduces costs, enhances performance, and delivers personalized video experiences to content providers...
CVE-2023-30705
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission...
CVE-2023-44129
The vulnerability is that the Messaging "com.android.mms" app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a...
CVE-2023-21306
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-20923
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-21382
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-39863
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission...
CVE-2023-41819
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers...