CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

RedhatCVE•added 2026/01/09 12:37 p.m.•6 views

CVE-2023-50643

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components...

9.8CVSS8AI score0.2693EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:48 a.m.•4 views

CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

8.8CVSS7.3AI score0.00442EPSS

Exploits0References1

RedhatCVE•added 2025/11/07 8:56 p.m.•2 views

CVE-2025-12489

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS7.6AI score0.00041EPSS

Exploits0References1

OSV•added 2025/11/06 9:15 p.m.•1 views

CVE-2025-12489

7.8CVSS7.6AI score

Exploits0References2

NVD•added 2025/11/06 9:15 p.m.•3 views

CVE-2025-12489

7.8CVSS0.00041EPSS

Exploits0References2

Snyk•added 2025/11/06 8:46 p.m.•4 views

Command Injection

Overview evernote-mcp-server is a MCP Server for Evernote unofficial Affected versions of this package are vulnerable to Command Injection via the openBrowser function. An attacker can execute arbitrary code with elevated privileges by supplying crafted input that is used in a system call without...

7.8CVSS7.9AI score0.00041EPSS

Exploits0References2

Cvelist•added 2025/11/06 8:11 p.m.•4 views

CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

7.8CVSS0.00041EPSS

Exploits0References2

CVE•added 2025/11/06 8:11 p.m.•5 views

CVE-2025-12489

CVE-2025-12489 affects evernote-mcp-server. The openBrowser function is vulnerable to command injection due to insufficient validation of a user-supplied string before a system call, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code in the...

7.8CVSS7.3AI score0.00041EPSS

Exploits0References2

Vulnrichment•added 2025/11/06 8:11 p.m.•2 views

CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

7.8CVSS7.3AI score0.00041EPSS

Exploits0References2

CNNVD•added 2025/11/06 12:0 a.m.•2 views

Evernote MCP Server 操作系统命令注入漏洞

Evernote MCP Server is a Large Model Context Protocol server for brentmid individual developers. Evernote MCP Server suffers from an operating system command injection vulnerability that stems from the openBrowser function not properly validating a user-supplied string, which could lead to...

7.8CVSS8.1AI score0.00041EPSS

Exploits0References2

Zero Day Initiative•added 2025/10/30 12:0 a.m.•2 views

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser...

7.8CVSS7.4AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2025/10/30 12:0 a.m.•2 views

PT-2025-44567

Name of the Vulnerable Software and Affected Versions evernote-mcp-server affected versions not specified Description The evernote-mcp-server software contains a command injection flaw in the openBrowser function. Successful exploitation of this issue could lead to privilege escalation...

7.8CVSS7AI score0.00041EPSS

Exploits0References5