AgentsVulnerable MCP Project Catalogs Critical CVEsVulnerable MCP Project·high signalvulnerablemcp.info catalogs CVE-2026-25536 TypeScript SDK cross-client leak, CVE-2026-23744 MCPJam RCE, chained mcp-server-git CVEs. Adversa AI MCP Security TOP 25 most comprehensive taxonomy.SourceSource pageVulnerable MCP Project↳ Follow the threadStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaStack layer / Threat patternllm 0.31.1 Released — Point Update to the Command-Line LLM Harnesssimonwillison.netStack layer / Threat patternMCP-Grounded Agent Pipeline Converts Legacy Docs to NIST OSCAL for Continuous CompliancearXivPolicy dependency / Threat patternPrismata Confines Cross-Site Prompt Injection by Treating Web Agents Like an XSS ProblemarXivStack layer / Threat patternAWS documents two WAF architecture patterns for securing Bedrock AgentCore RuntimeAWS Machine Learning BlogThreat pattern / ContrastTaxonomy Structure Shapes BERT Errors in CVE-to-CWE Security MappingarXiv