Yohann Sillam

**Name of the Vulnerable Software and Affected Versions** Framelink Figma MCP Server versions prior to 0.6.3 Figma-developer-mcp versions prior to 0.6.3 **Description** A command injection flaw exists in the Framelink Figma MCP Server, allowing an unauthenticated remote attacker to execute arbitrary operating system commands. The vulnerability stems from the unsanitized use of user-supplied input within a `child process.exec` call. This enables an attacker to inject malicious commands that are executed with the privileges of the server process. Exploitation requires network access to the MCP interface. The vulnerability is present in the `fetchWithRetry` function, which falls back to executing a `curl` command via `child process.exec` when a standard fetch request fails. The command is constructed by directly interpolating URL and header values into a shell command string, creating a shell metacharacter injection risk. Attackers can leverage this flaw through various methods, including indirect prompt injection and by crafting malicious API requests. The server is popular, with around 100,000 monthly downloads. Successful exploitation can lead to remote code execution (RCE) on the host machine, potentially allowing attackers to access local files, exfiltrate credentials, or implant viruses. The vulnerability was discovered in July 2025 and addressed in version 0.6.3. **Recommendations** Update to version 0.6.3 or later of figma-developer-mcp. Avoid using `child process.exec` with untrusted input. Use `child process.execFile` instead of `child process.exec` to avoid shell interpretation.

**Name of the Vulnerable Software and Affected Versions** nbconvert versions up to and including 7.16.6 **Description** The nbconvert tool, used for converting Jupyter notebooks to various formats, has an issue on Windows systems. Converting a notebook with SVG output to PDF can lead to unauthorized code execution. A malicious actor can create an `inkscape.bat` file containing a Windows batch script capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output on a Windows platform from the directory containing the malicious file, the `inkscape.bat` file is unexpectedly executed. The issue involves the use of Jinja templates during the conversion process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiteSpeed QUIC (LSQUIC) Library versions prior to 4.3.1 **Description** The LiteSpeed QUIC (LSQUIC) Library contains a memory leak in the `lsquic engine packet in` function. **Recommendations** Update to LiteSpeed QUIC (LSQUIC) Library version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 3.5 through 6.8.2 **Description** WordPress versions 3.5 through 6.8.2 are susceptible to a flaw that allows remote attackers to determine the titles of private and draft posts through pingback.ping XML-RPC requests. **Recommendations** Update to version 6.8.3. Disable pingbacks.

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 9.0.0 through 9.2.10 Apache Traffic Server versions 10.0.0 through 10.0.5 **Description** The issue allows excessive memory consumption if malicious instructions are inserted due to the lack of a limit for maximum inclusion depth in the ESI plugin. This can be exploited, potentially leading to significant issues. Users can utilize a new setting for the plugin (`--max-inclusion-depth`) to limit the inclusion depth. **Recommendations** For Apache Traffic Server versions 9.0.0 through 9.2.10, upgrade to version 9.2.11. For Apache Traffic Server versions 10.0.0 through 10.0.5, upgrade to version 10.0.6.