Approved changes feed: RSS · Atom

cpe:2.3:a:alejandroarciniegas:mcp-data-vis:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAlejandroarciniegas (0eeaa262-c72d-50d6-b512-cf08018a005b)
ProductMcp Data Vis (63848b21-0736-5482-b19c-05f6d8184273)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-7146 vulnerable 2026-06-08 08:07:05.437596 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
HIGH (7.3)
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27T18:00:16.792Z
Updated: 2026-04-27T18:37:28.265Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5322 vulnerable 2026-06-08 08:07:03.555855 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection
HIGH (7.3)
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-02T05:30:15.683Z
Updated: 2026-04-02T13:10:55.307Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.