CVE-2026-33989

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

EUVD-2025-24554

Malicious code in bioql PyPI...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVE-2025-55345

CVE-2025-55345 concerns OpenAI Codex CLI when used in a restricted workspace-write sandbox. The issue arises because symlinks are followed outside the allowed current working directory in a malicious context (repo/directory), enabling arbitrary file overwrite and potentially remote code execution...

PT-2025-32971 · Codex Cli · Codex Cli

Name of the Vulnerable Software and Affected Versions: Codex CLI affected versions not specified Description: Using Codex CLI in workspace-write mode within a malicious context repository, directory, etc. may lead to arbitrary file overwrite and potentially remote code execution. This occurs...