35 matches found
CVE-2026-7146
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
CVE-2026-7146
CVE-2026-7146 affects AlejandroArciniegas mcp-data-vis (up to commit de5a51525a69822290eaee569a1ab447b490746d). The vulnerability targets the function axios in the file src/servers/web-scraper/server.js of the HTTP Request Handler component, enabling server-side request forgery . The description ...
CVE-2026-7146
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
EUVD-2026-25905
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
MCP Data Visualization & Experimentation Platform 代码问题漏洞
MCP Data Visualization & Experimentation Platform is a large model context protocol developed by alejandro and his team. There are code-related vulnerabilities in MCP Data Visualization & Experimentation Platform. These vulnerabilities stem from improper use of the axios function in the...
PT-2026-35504
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
EUVD-2026-23803
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616 TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616
TransformerOptimus SuperAGI up to version 0.0.14 contains a server-side request forgery in the WebScraperTool’s webpage_extractor.py, affecting functions extract_with_bs4, extract_with_3k, and extract_with_lxml. The issue arises in superagi/helper/webpage_extractor.py and is exploitable remotely;...
Malicious code in web-scraper-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dfaccc27abfc21f8c77b6fdf8878b91578a74d08526e6995cc52c2922ca3588 The package web-scraper-mcp was found to contain malicious code. Source: ghsa-malware 836f393eb6f0f8e726f2a49d47785c31473723f76d1f6a6e6e2d6d75e53e5dd...
MAL-2025-190943 Malicious code in web-scraper-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dfaccc27abfc21f8c77b6fdf8878b91578a74d08526e6995cc52c2922ca3588 The package web-scraper-mcp was found to contain malicious code. Source: ghsa-malware 836f393eb6f0f8e726f2a49d47785c31473723f76d1f6a6e6e2d6d75e53e5dd...
EUVD-2025-199010
Malicious code in web-scraper-mcp npm...
EUVD-2024-16250
Malicious code in bioql PyPI...
CVE-2024-56800
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-56800 Firecrawl has SSRF Vulnerability via malicious scrape target
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-56800
CVE-2024-56800 – Firecrawl SSRF vulnerability : Firecrawl (OSS) before v1.1.1 is affected by a server-side request forgery that can be triggered by a malicious scrape target redirecting to a local IP, enabling exfiltration of local network resources via the API. The cloud service was patched on 2...
PT-2024-37074
Name of the Vulnerable Software and Affected Versions Firecrawl versions prior to 1.1.1 Description Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. The scraping engine could be exploited by crafting a malicious site that redirects to a...