152 matches found
CVE-2026-28615
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...
GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url
Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...
PT-2026-30323
Summary The mobile open url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code...
OneUptime 访问控制错误漏洞
OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...
Google Android Denial of Service Vulnerability (CNVD-2026-13150)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that is caused due to a path traversal error in multiple functions of MmsProvider.java resulting in a possible way of arbitrarily deleting files affecting phone...
EUVD-2017-15678
Malware in sbrugna...
EUVD-2019-18245
Malware in sbrugna...
EUVD-2013-6100
Malware in sbrugna...
EUVD-2024-52197
Malicious code in bioql PyPI...
EUVD-2023-46309
Malicious code in bioql PyPI...
EUVD-2023-46316
Malicious code in bioql PyPI...
EUVD-2024-52196
Malicious code in bioql PyPI...
EUVD-2023-46909
Malicious code in bioql PyPI...
CVE-2025-43977
The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...
CVE-2025-43977
The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...
CVE-2025-43976
The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...
CVE-2025-43976
CVE-2025-43976 affects com.enflick.android.tn2ndLine up to version 24.17.1.0 on Android. The vulnerability allows any installed app (no permissions required) to initiate a phone call by sending a crafted intent to com.enflick.android.TextNow.activities.DialerActivity, enabling local interaction w...