136 matches found
CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils
MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...
GHSA-HQJR-43R5-9Q58 MobSF has SQL Injection in its SQLite Database Viewer Utils
Description: MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst uses MobSF to analyze a malicious mobile application containing a craft...
SQL Injection
Overview: mobsf, the Mobile Security Framework (MobSF), is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to SQL Injecti...
PT-2026-4843
Name of the Vulnerable Software and Affected Versions: MobSF versions prior to 4.4.5. Description: MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting (XSS) vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...
EUVD-2022-7085
Malicious code in bioql PyPI...
EUVD-2025-0237
Malicious code in bioql PyPI...
EUVD-2025-8857
Malicious code in bioql PyPI...
EUVD-2024-52233
Malicious code in bioql PyPI...
EUVD-2024-2491
Malicious code in bioql PyPI...
EUVD-2025-0235
Malicious code in bioql PyPI...
EUVD-2025-13371
Malicious code in bioql PyPI...
EUVD-2024-1024
Malicious code in bioql PyPI...
EUVD-2024-3432
Malicious code in bioql PyPI...
EUVD-2024-1325
Malicious code in bioql PyPI...
Directory Traversal
Overview: mobsf, the Mobile Security Framework (MobSF), is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Directory...
CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...
Mobile Security Framework Path Traversal Vulnerability
Mobile Security Framework (MobSF) is an open-source, automated, all-in-one mobile application framework. It is used for penetration testing, malware analysis and security assessments, and is capable of performing both static and dynamic analysis. A path traversal vulnerability...
Mobile Security Framework Path Traversal Vulnerability
Mobile Security Framework (MobSF) is an open-source, automated, all-in-one mobile application framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A path traversal vulnerability exists in...
CVE-2025-58162
creationtimestamp | type | source
---|---|---
2025-08-31 02:35:35+00:00 | published-proof-of-concept | https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3...
A vulnerability in the Mobile Security Framework (MobSF), stemming from a lack of protective measures for website structure, allows attackers to carry out cross-site scripting attacks.
A vulnerability in the Mobile Security Framework, a tool for mobile application security research, relates to a lack of protective measures for website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...