6 matches found
External Control of File Name or Path
Overview: apm-cli is an MCP configuration tool. Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...
Directory Traversal
Overview: openclaw is OpenClaw, a Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the plugin installation. An attacker can overwrite files outside the intended directory by submitting a malicious plugin manifest with crafted directory names...
Figma Desktop Application 125.6.5 Remote Code Execution
Figma Desktop Application version 125.6.5 proof of concept remote code execution exploit that leverages the plugin manifest. Title: Figma Desktop...
CVE-2025-56803
CVE-2025-56803 affects Figma Desktop for Windows v125.6.5. The vulnerability is a command injection in the local plugin loader: if a plugin manifest.json includes a string in the build field, it is passed to Node.js child_process.exec without validation, enabling arbitrary OS command execution wh...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to...
Exploit for CVE-2025-56803
CVE-2025-56803 Command Injection Vulnerability via Plugin...