Lucene search
K

152 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00123EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 9:16 p.m.5 views

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.8CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 8:52 p.m.4 views

CVE-2026-35394

Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls...

8.3CVSS6.2AI score0.00387EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/04 5:37 a.m.8 views

@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

8.8CVSS6.3AI score0.00387EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/04 5:37 a.m.4 views

GHSA-5QHV-X9J4-C3VM @mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

8.3CVSS6.3AI score0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.10 views

PT-2026-30323

Summary The mobile open url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code...

8.3CVSS6.3AI score0.00387EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

OneUptime 访问控制错误漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References3
CNVD
CNVD
added 2026/03/09 12:0 a.m.2 views

Google Android Denial of Service Vulnerability (CNVD-2026-13150)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that is caused due to a path traversal error in multiple functions of MmsProvider.java resulting in a possible way of arbitrarily deleting files affecting phone...

9.1CVSS5.8AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-15678

Malware in sbrugna...

5.3CVSS5.5AI score0.01385EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-18245

Malware in sbrugna...

4.3CVSS4.9AI score0.00675EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-6100

Malware in sbrugna...

7.8CVSS7.8AI score0.01493EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52197

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-46309

Malicious code in bioql PyPI...

2.8CVSS6.6AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-46316

Malicious code in bioql PyPI...

2.8CVSS6.6AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-52196

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00163EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-46909

Malicious code in bioql PyPI...

3.3CVSS4.7AI score0.00309EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/07/23 12:57 a.m.16 views

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...

5.5CVSS7AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/07/21 3:15 p.m.4 views

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...

5.5CVSS0.00136EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/21 12:0 a.m.5 views

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...

7AI score0.00185EPSS
Exploits1References3
CVE
CVE
added 2025/07/21 12:0 a.m.36 views

CVE-2025-43976

CVE-2025-43976 affects com.enflick.android.tn2ndLine up to version 24.17.1.0 on Android. The vulnerability allows any installed app (no permissions required) to initiate a phone call by sending a crafted intent to com.enflick.android.TextNow.activities.DialerActivity, enabling local interaction w...

5.5CVSS6.4AI score0.00185EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder