Mcp Data Vis
Approved changes feed: RSS · Atom
cpe:2.3:a:alejandroarciniegas:mcp-data-vis:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alejandroarciniegas (0eeaa262-c72d-50d6-b512-cf08018a005b) |
|---|---|
| Product | Mcp Data Vis (63848b21-0736-5482-b19c-05f6d8184273) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-7146 |
vulnerable | 2026-06-08 08:07:05.437596 |
AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
HIGH (7.3)
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27T18:00:16.792Z
Updated: 2026-04-27T18:37:28.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5322 |
vulnerable | 2026-06-08 08:07:03.555855 |
AlejandroArciniegas mcp-data-vis MCP server.js request sql injection
HIGH (7.3)
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-02T05:30:15.683Z
Updated: 2026-04-02T13:10:55.307Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.