44860 matches found
CVE-2025-53967
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...
BBOT Security Vulnerability
BBOT is an open source recursive internet scanner from Black Lantern Security. BBOT has a security vulnerability that stems from a malicious git repository that could lead to command execution...
PT-2025-41396
Name of the Vulnerable Software and Affected Versions: BBOT (affected versions not specified). Description: The gitdumper module in BBOT is susceptible to exploitation, allowing attackers to execute arbitrary commands on the host system. This occurs through the processing of malicious Git repositories...
PT-2025-41452
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified). Description: An improper input neutralization issue exists in the management web interface. This allows an authenticated administrator to bypass system restrictions and execute arbitrary...
VulnCheck KEV: CVE-2022-37129
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection...
Tenda AC7 Command Injection Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44. It stems from a failure to properly filter special characters, commands, etc. in the parameter lanIp in the file /goform/AdvSetLanip when constructing commands...
AlmaLinux 10 : golang (ALSA-2025:13941)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:13941 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...
CVE-2025-62186
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
CVE-2025-54406
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...
EUVD-2025-31868
EUVD-2025-31868...
CVE-2025-53967
CVE-2025-53967 affects Framelink Figma MCP Server prior to 0.6.3. The vulnerability is a command injection in the MCP server’s input handling, where user-controlled data is interpolated into shell commands (via a curl fallback in fetch-with-retry), enabling an unauthenticated remote attacker to e...
Flowise Path Traversal Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...
PT-2025-41318
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.8. Description: Flowise is a drag and drop user interface used to build customized large language model flows. Versions prior to 3.0.8 contain a flaw in the WriteFileTool and ReadFileTool components where file path...
CVE-2025-36565
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a...
CVE-2025-11407
CVE-2025-11407 affects D-Link DI-7001 MINI (firmware 24.04.18B1). The vulnerability is in the upgrade_filter.asp component where manipulation of the path argument leads to OS command injection. Attack could be initiated remotely, and public exploits exist. Some sources do not provide a confirmed ...