Every CVE whose affected-product data names Evernote, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-50643 — CVSS 9.8 (critical): An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and…
CVE-2020-17759 — CVSS 8.8 (high): An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command…
CVE-2019-10038 — CVSS 7.8 (high): Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the…
CVE-2016-4900 — CVSS 7.8 (high): Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan…
CVE-2019-17051 — CVSS 7.8 (high): Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as…
CVE-2018-20058 — CVSS 7.5 (high): In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
CVE-2018-18524 — CVSS 6.1 (medium): Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code…