Lucene search
K

88 matches found

NVD
NVD
added 2026/07/03 3:16 a.m.10 views

CVE-2026-12960

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 2:0 a.m.18 views

CVE-2026-12960

CVE-2026-12960 affects the ASUS Router Android app. The issue is an Improper Export of Android Application Components, where a local third-party app on the same device can send a crafted Intent that causes the ASUS Router App to open a specified URL. CVSS metrics indicate local access, low comple...

6CVSS5.8AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:0 a.m.8 views

CVE-2026-12960

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS5.8AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 2:0 a.m.36 views

CVE-2026-12960

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:22 p.m.10 views

EUVD-2019-20171

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.8 views

CVE-2019-25735 AllPlayer 7.4 Local Buffer Overflow via SEH Unicode

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:36 p.m.6 views

CVE-2026-47114

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

8.8CVSS6.2AI score0.00702EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/21 7:36 p.m.14 views

EUVD-2026-31331

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

8.8CVSS6.2AI score0.00702EPSS
Exploits0References4
OSV
OSV
added 2026/05/21 7:36 p.m.3 views

CVE-2026-47114 IINA < 1.4.3 Command Execution via iina://open URL Scheme

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

8.6CVSS6.4AI score0.00702EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42532

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv -prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that...

8.8CVSS6.2AI score0.00702EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 4:16 a.m.7 views

CVE-2026-7221

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS0.00298EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/28 3:30 a.m.6 views

CVE-2026-7221

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS5.1AI score0.00298EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/28 3:30 a.m.32 views

CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS0.00298EPSS
Exploits0References8
OSV
OSV
added 2026/04/28 3:30 a.m.1 views

CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

6.9CVSS6.5AI score0.00298EPSS
Exploits0References10
CVE
CVE
added 2026/04/28 3:30 a.m.10 views

CVE-2026-7221

CVE-2026-7221 affects TencentCloudBase CloudBase-MCP (up to v2.17.0) with a vulnerability in the openUrl function (mcp/src/interactive-server.ts) of the open-url API Endpoint. Manipulating req.body.url enables server-side request forgery (SSRF) and can be exploited remotely; the exploit is public...

7.5CVSS5.1AI score0.00298EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

CloudBase MCP 代码问题漏洞

CloudBase MCP is an open-source tool developed by Tencent CloudBase, serving as a bridge between AI programming tools and cloud deployment. Versions of CloudBase MCP 2.17.0 and earlier contain code vulnerabilities. These vulnerabilities stem from the openUrl function in the...

7.5CVSS7.3AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35653

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

7.5CVSS7AI score0.00298EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/04/06 8:52 p.m.2 views

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS6.2AI score0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 8:52 p.m.24 views

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS0.00387EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 8:52 p.m.2 views

CVE-2026-35394 Mobile Next has Arbitrary Android Intent Execution via mobile_open_url

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS6.2AI score0.00387EPSS
Exploits1References3
Rows per page
Query Builder