MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.
GitHub

OCP CAD Viewer for VS Code

A fairly recent version of Microsoft VS Code, e.g. 1.85.0 or newer The Python extension installed in VS Code Necessary tools: ...
GitHub

p1n93r/SpringBootAdmin-thymeleaf-SSTI

The sandbox bypass mentioned here refers to bypassing certain blacklists of Thymeleaf, rather than leveraging the context for reflection-based escapes or similar techniques. then put the poc3.html ...