
7 matches found

Veracode
added 2025/10/09 6:19 a.m., 2 views

Command Injection

figma-developer-mcp is vulnerable to Command Injection. The vulnerability is due to unsanitized input containing shell metacharacters in a POST request being passed to a fetchWithRetry curl command; an unauthenticated attacker with network access can inject and execute arbitrary OS commands as the MCP proces...

CVSS 8, AI score 7.8, EPSS 0.00011
Exploits 0, References 4, Affected Software 1
EUVD
added 2025/10/08 12:0 a.m., 2 views

EUVD-2025-31753

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

CVSS 8, AI score 7.2, EPSS 0.00011
Exploits 0, References 6
OSV
added 2025/09/30 5:1 p.m., 1 view

GHSA-GXW4-4FC5-9GR5 figma-developer-mcp vulnerable to command injection in get_figma_data tool

Summary: A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

CVSS 7.5, AI score 9.5, EPSS 0.00011
Exploits 0, References 3
Snyk
added 2025/09/30 5:1 p.m., 1 view

Arbitrary Command Injection

Overview: figma-developer-mcp is described as "Give your coding agent access to your Figma data. Implement designs in any framework in one-shot." Affected versions of this package are vulnerable to Arbitrary Command Injection via the child_process.exec call using unvalidated user input directly within...

CVSS 8, AI score 7.9, EPSS 0.00011
Exploits 0, References 2
Github Security Blog
added 2025/09/30 5:1 p.m., 12 views

figma-developer-mcp vulnerable to command injection in get_figma_data tool

Summary: A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

CVSS 8, AI score 9.5, EPSS 0.00011
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2025/09/30 12:0 a.m., 0 views

PT-2025-40046

Summary: A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

CVSS 7.5, AI score 9.5
Exploits 0, References 4
Positive Technologies
added 2025/09/30 12:0 a.m., 2 views

PT-2025-40054

Framelink Figma MCP Server and Affected Versions: Framelink Figma MCP Server versions prior to 0.6.3. Description: The Framelink Figma MCP Server before version 0.6.3 contains a command injection flaw that allows an unauthenticated remote attacker to execute arbitrary operating system commands. This...

CVSS 8, AI score 8.1, EPSS 0.00011
Exploits 0, References 31