Tag
Windows-MCP Unauthenticated PowerShell Control via HTTP Transports
2 rules, 1 TTP
Windows-MCP versions prior to 0.7.5 are vulnerable to unauthenticated PowerShell control via HTTP transports due to wildcard CORS and missing authentication, allowing a remote attacker to execute arbitrary PowerShell commands as the user running Windows-MCP.
Open WebUI CORS Misconfiguration and Session Validation Vulnerability Leads to RCE
2 rules, 1 TTP
Open WebUI version v0.3.10 has a CORS misconfiguration and session validation issue that can lead to remote code execution via a one-click attack against admin users.
SiYuan Knowledge Management System RCE via Malicious Website
2 rules, 1 TTP, 1 CVE
SiYuan versions prior to 3.6.2 are vulnerable to remote code execution (RCE) via a malicious website exploiting a permissive CORS policy to inject a JavaScript snippet, leading to arbitrary code execution within the application's Node.js context.
Glances XML-RPC Server Cross-Origin Information Disclosure
2 rules, 3 TTPs, 1 IOC
The Glances XML-RPC server exposes sensitive system information due to a permissive CORS policy and missing Content-Type validation, enabling attackers to bypass CORS restrictions and steal data such as hostnames, OS details, IP addresses, and process lists.
GitLab MCP Server Unauthenticated Access via SSE Transport
2 rules, 2 TTPs
The @yoda.digital/gitlab-mcp-server's SSE transport lacks authentication and uses wildcard CORS, enabling unauthenticated attackers to execute arbitrary GitLab API calls using the operator's GitLab PAT, including destructive operations.
Jupyter Server CORS Origin Validation Bypass via Regex
2 rules, 1 TTP
Jupyter Server versions 2.17.0 and earlier are vulnerable to a CORS origin validation bypass due to improper use of `re.match()` when validating the Origin header against the `allow_origin_pat` configuration, allowing attackers to bypass CORS restrictions.