Lucene search
+L

9 matches found

osv
osv
added 2026/07/06 6:30 a.m.4 views

CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

6.9CVSS6.7AI score0.01324EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/11/07 8:56 p.m.7 views

CVE-2025-12489

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS7.6AI score0.01386EPSS
Exploits0References1
nvd
nvd
added 2025/11/06 9:15 p.m.7 views

CVE-2025-12489

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS0.01386EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/06 8:11 p.m.13 views

CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS0.01386EPSS
Exploits0References2
cve
cve
added 2025/11/06 8:11 p.m.14 views

CVE-2025-12489

CVE-2025-12489 affects evernote-mcp-server. The openBrowser function is vulnerable to command injection due to insufficient validation of a user-supplied string before a system call, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code in the...

7.8CVSS7.3AI score0.01386EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/06 8:11 p.m.4 views

CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS7.3AI score0.01386EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/11/06 12:0 a.m.6 views

Evernote MCP Server 操作系统命令注入漏洞

Evernote MCP Server is a Large Model Context Protocol server for brentmid individual developers. Evernote MCP Server suffers from an operating system command injection vulnerability that stems from the openBrowser function not properly validating a user-supplied string, which could lead to...

7.8CVSS8.1AI score0.01386EPSS
Exploits0References2
zdi
zdi
added 2025/10/30 12:0 a.m.9 views

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser...

7.8CVSS7.4AI score0.01386EPSS
Exploits0References1
veracode
veracode
added 2023/04/19 8:22 a.m.35 views

Command Injection

net.snowflake:snowflake-jdbc is vulnerable to Command Injection. The vulnerability exists due to improper input sanitizations in the openBrowser function of SessionUtilExternalBrowser.java. An attacker is able to set up a malicious server to respond to an SSO URL with a malicious payload, leading...

8.8CVSS8.8AI score0.01668EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder