CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

CVE-2026-35394

CVE-2026-35394 relates to Mobile Next MCP server’s mobile_open_url tool, where user-supplied URLs were passed directly to Android’s intent system without scheme validation. The underlying issue allowed execution of arbitrary Android intents (including USSD codes, phone calls, SMS messages, and co...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-5682

CVE-2026-5682 affects Meesho Online Shopping App (Android) in the com.meesho.supply component, specifically an unknown function in /api/endpoint. The issue arises from manipulation that leads to a risky cryptographic algorithm. Attack surface is remote, with high complexity required for exploitat...

CVE-2026-5682 Meesho Online Shopping App com.meesho.supply endpoint risky encryption

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2025-48651

StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899...

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

PT-2026-30585

The setup: 4 agents chain off each other in a loop, each reacting to the previous response. Dominus — finds a new vulnerability angle from the CISA KEV catalog Axiom — adds one new technical detail to the finding Cipher — identifies one specific flaw in the previous argument Vector — names one...

PT-2026-30730

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. Versions of Google Android prior to April 5, 2026, contained security vulnerabilities, stemming from the StrongBox component. These vulnerabilities could allow unauthorized access or manipulation of system...

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, where a resource exhaustion may lead to persistent denial-of-service attacks. Local denial-of-service attacks do not require additional execution...

Mobile Next 安全漏洞

Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.50 contained security vulnerabilities. These vulnerabilities stemmed from the mobileopenurl tool not verifying the URL schemes provided by users,...

Wear OS Security Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-04-05 or later from the April 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

Android XR Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-04-05 or later from the April 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to...

Android Security Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-04-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

Android Automotive OS Update Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2026-04-05 or later from the April 2026 Android Security Bulletin in addition to all issues in this...