130 matches found
CVE-2025-67448
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...
CVE-2025-54328
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DA...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...
GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...
PT-2026-30323
Summary The mobile open url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code...
CVE-2025-70614
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
EUVD-2025-208325
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
CVE-2025-70614
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
PT-2026-23502
Name of the Vulnerable Software and Affected Versions OpenCode Systems OC Messaging / USSD Gateway version 6.32.2 Description The software contains a flaw in access control within the web-based control panel. An authenticated attacker with limited privileges can access arbitrary SMS messages by...
OpenCode Systems OC Messaging / USSD Gateway OC 安全漏洞
OpenCode Systems OC Messaging/USSD Gateway OC is a telecommunications operator messaging gateway system developed by OpenCode Company in the UK. Version 6.32.2 of OpenCode Systems OC Messaging/USSD Gateway OC contains a security vulnerability. This vulnerability stems from access control flaws in...
CVE-2025-70614
The CVE-2025-70614 entry applies to OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2. The vulnerability is due to broken access control in the web-based control panel, allowing an authenticated low-privileged user to access arbitrary SMS messages by tampering with a company or tenan...
CVE-2025-70614
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
CVE-2025-70614
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
CVE-2025-70614
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...
EUVD-2011-4780
Malware in sbrugna...
EUVD-2020-29977
Malware in sbrugna...
EUVD-2020-6196
Malware in sbrugna...
EUVD-2016-4901
Malware in sbrugna...