EUVD-2025-27271
Malicious code in bioql PyPI...
CVE-2025-58444
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...
CVE-2025-58444 MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...
CVE-2025-58444
The MCP Inspector (local development tool) is affected by an XSS flaw in versions prior to 0.16.6 when connecting to untrusted MCP servers with a malicious redirect URI. The flaw can be leveraged to interact with the inspector proxy and trigger arbitrary command execution on the developer machine...
GHSA-G9HG-QHMF-Q45M MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger...
PT-2025-36513
Name of the Vulnerable Software and Affected Versions: MCP Inspector versions prior to 0.16.6
Description: The MCP Inspector, a developer tool for testing and debugging MCP servers, is susceptible to a cross-site scripting issue. This issue occurs when connecting to untrusted remote MCP servers wit...
CVE-2025-49006
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
CVE-2025-49006
CVE-2025-49006 concerns Wasp (Web Application Specification), a Rails-like framework used with React/Node/Prisma. Prior to 0.16.6, the OAuth implementation lowercases OAuth user IDs before storing/fetching, which can violate OAuth/OpenID Connect specs and lead to user impersonation, account colli...
CVE-2023-30844
Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...