3 matches found
EUVD-2025-26625
Malicious code in bioql PyPI...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...
CVE-2025-56803
CVE-2025-56803 affects Figma Desktop for Windows v125.6.5. The vulnerability is a command injection in the local plugin loader: if a plugin manifest.json includes a string in the build field, it is passed to Node.js child_process.exec without validation, enabling arbitrary OS command execution wh...