Malicious code in figma-d2c-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65db74a06749bbb141552f97e91b15d5bdd91b57a0136dfc8bfb4034b659c8f The package ships dist/report.js, a one-line module that issues an HTTPS POST to https://www.baidu.com carrying values read from process.env. The...

MAL-2026-4562 Malicious code in figma-d2c-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65db74a06749bbb141552f97e91b15d5bdd91b57a0136dfc8bfb4034b659c8f The package ships dist/report.js, a one-line module that issues an HTTPS POST to https://www.baidu.com carrying values read from process.env. The...

figma-tree (>=0.0.1 <=0.0.11) potentially affected by CVE-2026-2544 via lu2 (=2023.9.15)

lu2 NPM version =2023.9.15 is affected by a known vulnerability. The following packages have a transitive dependency on lu2 and may be impacted: - figma-tree =0.0.1, =0.0.11 Source cves: CVE-2026-2544 Source advisory: SNYK:JS-LU2-15285654...

@anngdinh/remote-mcp-server-authless (=0.0.0), @aredes.me/mcp-camara (=1.0.6) +128 more potentially affected by unknown CVE via agents (>=0.0.100 <=0.2.35)

agents NPM version =0.0.100, =0.4.0, =1.1.1, =0.2.0, =0.1.0, =0.0.1, =1.0.2, =1.0.1, =0.2.0, =0.5.3 and more Source cves: unknown CVE Source advisory: SNYK:JS-AGENTS-15282793...

CVE-2025-15061

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-15061

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-15061 Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-15061

CVE-2025-15061 affects Framelink Figma MCP Server. The flaw is in the fetchWithRetry method, where a user-supplied string is not properly validated before being used in a system call, enabling remote command execution with the service account’s privileges. Attack requires network access and no au...

CVE-2025-15061 Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

CVE-2025-15061

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

Framelink Figma MCP Server: Operating System Command Injection Vulnerability

Framelink Figma MCP Server is an MCP server developed by Graham Lipsman. The Framelink Figma MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the fetchWithRetry method not properly verifying the string provided by the user, which may lead...

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the...

PT-2025-53840

Name of the Vulnerable Software and Affected Versions Framelink Figma MCP Server affected versions not specified Description This issue allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server without requiring authentication. The flaw resides with...

📄 Figma Desktop Application 125.6.5 Remote Code Execution

Figma Desktop Application version 125.6.5 proof of concept remote code execution exploit that leverages the plugin manifest. ============================================================================================================================================= | Title : Figma Desktop...

Figma Developer MCP < 0.6.3 RCE (GHSA-gxw4-4fc5-9gr5)

The remote host has a version of figma-developer-mcp prior to 0.6.3. A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary...

EUVD-2025-35151

Malicious code in @jdei/codmi-figma-test npm...

MAL-2025-48541 Malicious code in @jdei/codmi-figma-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8fecfd138476c3c3b51878bce2a48c0b9d4ffb9f2d5476a90edeef147217eb29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @jdei/codmi-figma-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Command Injection

figma-developer-mcp is vulnerable to Command Injection. The vulnerability is due to unsanitized input to shell metacharacters in a POST being passed to a fetchWithRetry curl command, and an unauthenticated attacker with network access can inject and execute arbitrary OS commands as the MCP proces...

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...