CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

7.5CVSS9.5AI score0.07417EPSS

Exploits0References3

Positive Technologies•added 2025/09/30 12:0 a.m.•5 views

PT-2025-40054

Framelink Figma MCP Server and Affected Versions Framelink Figma MCP Server versions prior to 0.6.3 Description The Framelink Figma MCP Server before version 0.6.3 contains a command injection flaw that allows an unauthenticated remote attacker to execute arbitrary operating system commands. This...

8CVSS8.1AI score0.07417EPSS

Exploits0References31

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-40046

Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

7.5CVSS9.5AI score

Exploits0References4

RedhatCVE•added 2025/09/17 10:45 p.m.•4 views

CVE-2025-55211

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel ACP can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...

8.7CVSS7AI score0.004EPSS

Exploits0References1

NVD•added 2025/09/15 9:15 p.m.•5 views

CVE-2025-55211

8.8CVSS0.004EPSS

Exploits0References1

ATTACKERKB•added 2025/09/15 9:0 p.m.•5 views

CVE-2025-55211

8.8CVSS5.8AI score0.004EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/09/15 12:0 a.m.•4 views

PT-2025-37763

Name of the Vulnerable Software and Affected Versions: FreePBX versions 17.0.19.11 through 17.0.20 Description: FreePBX is a web-based graphical user interface. Authenticated users of the Administrator Control Panel ACP can execute arbitrary shell commands by manipulating the framework module's...

8.7CVSS7.1AI score0.004EPSS

Exploits0References3

CNNVD•added 2025/09/15 12:0 a.m.•3 views

FreePBX 操作系统命令注入漏洞

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system via a GUI web-based graphical interface. An operating system command injection vulnerability exists in FreePBX version 17.0.19.11 through versions prior to...

8.8CVSS7.5AI score0.004EPSS

Exploits0References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2024-28335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the...

9.1CVSS8.1AI score0.00842EPSS

Exploits0References2

CNNVD•added 2025/09/09 12:0 a.m.•3 views

Schneider Electric Saitel DR RTU 操作系统命令注入漏洞

The Schneider Electric Saitel DR RTU is a remote terminal device from Schneider Electric France. The Schneider Electric Saitel DR RTU suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which could lead to the execution of...

5.8CVSS7.5AI score0.00537EPSS

Exploits0References1

NVD•added 2025/09/04 10:42 a.m.•8 views

CVE-2025-58358

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

7.5CVSS0.0099EPSS

Exploits0References2