CVE-2026-33989

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

CVE-2026-33989

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

CVE-2026-33989

CVE-2026-33989 affects the @mobilenext/mobile-mcp server. Before v0.0.49, the tools mobile_save_screenshot and mobile_start_screen_recording pass saveTo/output directly to filesystem operations without path validation, enabling an attacker to perform path traversal and write files outside the int...

CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

CVE-2026-33989

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

Directory Traversal

Overview @mobilenext/mobile-mcp is a Mobile MCP Affected versions of this package are vulnerable to Directory Traversal via the saveTo and output parameters in the mobilesavescreenshot and mobilestartscreenrecording tools. An attacker can overwrite arbitrary files on the host system by supplying...

GHSA-3P2M-H2V6-G9MX @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

Summary The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the...

Mobile Next 安全漏洞

Mobile Next is an open-source mobile application automation development and testing tool developed by Mobile Next. Versions of Mobile Next prior to 0.0.49 contained security vulnerabilities. These vulnerabilities stemmed from the direct transmission of saveTo and output parameters to file system...

PT-2026-28584

Name of the Vulnerable Software and Affected Versions @mobilenext/mobile-mcp versions prior to 0.0.49 Description The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobile save screenshot and mobile start screen recording tools. The saveTo and output parameters are...

GHSA-MVHF-547C-H55R thumbler allows OS Command Injection

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail function because user input is concatenated into a shell command string passed to childprocess.exec without proper sanitization or escaping...

EUVD-2007-6551

Malware in sbrugna...

EUVD-2019-1794

Malware in sbrugna...

CVE-2019-1010044

borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable...

CVE-2012-5873

ARC aka ARC2 through 2011-12-01 allows reflected XSS via the endpoint.php query parameter in an output=htmltab action...

PT-2025-5902

Name of the Vulnerable Software and Affected Versions Legull WordPress plugin versions 1.2.2 and earlier Description The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be use...

CVE-2024-56697 drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpudiscoverygetnpsinfo Fix two issues with memory allocation in amdgpudiscoverygetnpsinfo for memranges: - Add a check for allocation failure to avoid dereferencing a null pointer...

DEBIAN-CVE-2020-17367

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection...

CVE-2019-1010044

borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable...

CVE-2019-1010044

borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable...

Buffer overflow

borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable...