ChaseHCS

1 exploit Active since Jul 2025
CVE-2025-6514 NOMISEC CRITICAL STUB
mcp-remote >=0.0.5 <0.1.16 - OS Command Injection via Authorization Endpoint Response URL
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
CVSS 9.6