15 matches found
@antv/f6 (>=0.0.3 <=0.0.19), fhrons-mobile (>=1.1.2-5.2 <=1.2.4-beta.5) +2 more potentially affected by unknown CVE via @antv/f6-element (=0.0.1)
@antv/f6-element NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f6-element and may be impacted: - @antv/f6 =0.0.3, =1.1.2-5.2, =2.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3903...
fhrons-mobile (>=1.1.2-5.2 <=1.2.4-beta.5), fhrons-mobile-next (>=2.0.1 <=2.0.4) +1 more potentially affected by unknown CVE via @antv/f6 (=0.0.19)
@antv/f6 NPM version =0.0.19 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f6 and may be impacted: - fhrons-mobile =1.1.2-5.2, =2.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3900...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394
A vulnerability associated with CVE-2026-35394 is described in GHSA-5QHV-X9J4-C3VM for mobile-mcp’s mobile_open_url tool. It passes user-supplied URLs directly to Android’s intent system without URL scheme validation, enabling arbitrary intents (e.g., USSD, calls, SMS, content providers) and prom...
CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
Mobile Next 安全漏洞
Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.50 contained security vulnerabilities. These vulnerabilities stemmed from the mobileopenurl tool not verifying the URL schemes provided by users,...
CVE-2026-33989
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...
CVE-2026-33989
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...
CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...
CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...
Mobile Next 安全漏洞
Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.49 contained security vulnerabilities. These vulnerabilities stemmed from the direct transmission of saveTo and output parameters to file system...
PT-2026-28584
Name of the Vulnerable Software and Affected Versions @mobilenext/mobile-mcp versions prior to 0.0.49 Description The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobile save screenshot and mobile start screen recording tools. The saveTo and output parameters are...