8 matches found
CVE-2025-12489
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489
CVE-2025-12489 affects evernote-mcp-server. The openBrowser function is vulnerable to command injection due to insufficient validation of a user-supplied string before a system call, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code in the...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
Evernote MCP Server 操作系统命令注入漏洞
Evernote MCP Server is a Large Model Context Protocol server for brentmid individual developers. Evernote MCP Server suffers from an operating system command injection vulnerability that stems from the openBrowser function not properly validating a user-supplied string, which could lead to...
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser...
Command Injection
net.snowflake:snowflake-jdbc is vulnerable to Command Injection. The vulnerability exists due to improper input sanitizations in the openBrowser function of SessionUtilExternalBrowser.java. An attacker is able to set up a malicious server to respond to an SSO URL with a malicious payload, leading...