189 matches found
CVE-2026-8419
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-8419
The CVE-2026-8419 entry aggregates a CSRF vulnerability in the WordPress Amazon Scraper plugin (versions up to and including 1.1). The underlying issue is missing or incorrect nonce validation in a function, enabling unauthenticated attackers to update settings and inject stored scripts by tricki...
CVE-2026-8419
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
PT-2026-42077
Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...
WordPress plugin Amazon Scraper 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Amazon Scraper plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Amazon Scraper versions = 1.1...
Identifying AI Web Scrapers Using Canary Tokens
From pre-training to query-time augmentation, web-scraped data helps to improve the quality and contextual relevancy of content generated by large language models LLMs. However, large-scale web scraping to feed LLMs can affect site stability and raise legal, privacy, or ethics concerns. If websit...
exploit_scrapper
No d...
CVE-2026-7146
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
CVE-2026-7146
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
EUVD-2026-25905
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
CVE-2026-7146
CVE-2026-7146 affects AlejandroArciniegas mcp-data-vis (up to commit de5a51525a69822290eaee569a1ab447b490746d). The vulnerability targets the function axios in the file src/servers/web-scraper/server.js of the HTTP Request Handler component, enabling server-side request forgery . The description ...
MCP Data Visualization & Experimentation Platform 代码问题漏洞
MCP Data Visualization & Experimentation Platform is a large model context protocol developed by alejandro and his team. There are code-related vulnerabilities in MCP Data Visualization & Experimentation Platform. These vulnerabilities stem from improper use of the axios function in the...
PT-2026-35504
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
EUVD-2026-23803
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616 TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...