Summary
Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
References
Related vulnerabilities
- HIGH GHSA-869J-R97X-HX2G
  Anki's local HTTP server does not sufficiently validate requests
- HIGH GHSA-F4XH-W4CJ-QXQ8
  LangSmith SDK TracingMiddleware: Arbitrary server-side file read
- MEDIUM GHSA-MXJX-28VX-XJJJ
  Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
- MEDIUM GHSA-JR33-MW75-7J8F
  dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
- HIGH GHSA-G5QX-H5F3-MP2F
  TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
- CRITICAL GHSA-C55V-343G-5XFF
  Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs