7341 matches found
EUVD-2024-52411
Malicious code in bioql PyPI...
EUVD-2023-1899
Malicious code in bioql PyPI...
EUVD-2024-46330
Malicious code in bioql PyPI...
EUVD-2024-0292
Malicious code in bioql PyPI...
EUVD-2023-40663
Malicious code in bioql PyPI...
EUVD-2025-30670
Malicious code in bioql PyPI...
GHSA-GXW4-4FC5-9GR5 figma-developer-mcp vulnerable to command injection in get_figma_data tool
Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...
Arbitrary Command Injection
Overview figma-developer-mcp is a Give your coding agent access to your Figma data. Implement designs in any framework in one-shot. Affected versions of this package are vulnerable to Arbitrary Command Injection via the child_process.exec call using unvalidated user input directly within...
figma-developer-mcp vulnerable to command injection in get_figma_data tool
Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...
PT-2025-40054
Framelink Figma MCP Server and Affected Versions Framelink Figma MCP Server versions prior to 0.6.3 Description The Framelink Figma MCP Server before version 0.6.3 contains a command injection flaw that allows an unauthenticated remote attacker to execute arbitrary operating system commands. This...
PT-2025-40046
Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...
CourseSelectionSystem SQL injection vulnerability
CourseSelectionSystem is a simple online course selection system by the individual developer of kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which stems from an incorrect manipulation of the parameter cbranch in the file /Profilers/PriProfile/COUNT3s4.php, which could...
CVE-2025-10949
CVE-2025-10949 affects Changsha Developer Technology iView Editor
PT-2025-39392
Name of the Vulnerable Software and Affected Versions Changsha Developer Technology iView Editor versions up to 1.1.1 Description A flaw exists in the Markdown Handler component of the software that allows for cross site scripting. The issue is remotely exploitable and details of the exploit are...
CVE-2025-58231
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS. This issue affects Bitly: from n/a through <= 2.8.0...
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer versions <= 1.2.6...
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
CVE-2025-57924 WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through <= 1.2.6...