Lucene search
K

5 matches found

CVE
CVE
added 2026/01/23 3:20 a.m.17 views

CVE-2025-15061

CVE-2025-15061 affects Framelink Figma MCP Server. The flaw is in the fetchWithRetry method, where a user-supplied string is not properly validated before being used in a system call, enabling remote command execution with the service account’s privileges. Attack requires network access and no au...

9.8CVSS6.5AI score0.02127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:20 a.m.6 views

CVE-2025-15061

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

9.8CVSS6.3AI score0.02127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/23 3:20 a.m.31 views

CVE-2025-15061 Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific...

9.8CVSS0.02127EPSS
Exploits0References2
NVD
NVD
added 2025/10/08 5:15 p.m.13 views

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8CVSS0.07417EPSS
Exploits0References3
CVE
CVE
added 2025/10/08 12:0 a.m.51 views

CVE-2025-53967

CVE-2025-53967 affects Framelink Figma MCP Server prior to 0.6.3. The vulnerability is a command injection in the MCP server’s input handling, where user-controlled data is interpolated into shell commands (via a curl fallback in fetch-with-retry), enabling an unauthenticated remote attacker to e...

8CVSS7.3AI score0.07417EPSS
Exploits0References3
Rows per page
Query Builder