9 matches found
CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
CVE-2025-12489
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489
CVE-2025-12489 affects evernote-mcp-server. The openBrowser function is vulnerable to command injection due to insufficient validation of a user-supplied string before a system call, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code in the...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
Evernote MCP Server 操作系统命令注入漏洞
Evernote MCP Server is a Large Model Context Protocol server for brentmid individual developers. Evernote MCP Server suffers from an operating system command injection vulnerability that stems from the openBrowser function not properly validating a user-supplied string, which could lead to...
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser...
Command Injection
net.snowflake:snowflake-jdbc is vulnerable to Command Injection. The vulnerability exists due to improper input sanitizations in the openBrowser function of SessionUtilExternalBrowser.java. An attacker is able to set up a malicious server to respond to an SSO URL with a malicious payload, leading...