Saved February 14, 2026
Do you care about this?
This article outlines a series of ten hands-on labs focused on Model Context Protocol (MCP) vulnerabilities, each based on real-world exploits. It provides both vulnerable and secure implementations, allowing users to reproduce attacks and understand mitigation strategies in a practical setting. Comprehensive instructions and proof captures accompany each challenge.
If you do, here's more
The article presents a hands-on lab featuring ten Model Context Protocol (MCP) challenges based on real vulnerabilities documented in CVEs and public incident reports. Each challenge comes in two versions: a vulnerable implementation designed for exploitation and a secure version that incorporates defense mechanisms to prevent attacks. Users can reproduce these exploits step-by-step in Cursor or Claude Desktop, with detailed instructions provided for each scenario.
Each challenge is backed by Docker services and ships with supporting files such as fixtures and screenshots that demonstrate the exploits run as described. For instance, the "CRM Confused Deputy" challenge shows how a token shared across tenants can leak another tenant's records, while the "Git Command Injection" challenge shows the danger of passing unsanitized repository names to git. The secure builds layer defenses such as input validation and path canonicalization to mitigate these risks.
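To make the mitigation side concrete, here is an added example (not code from the lab or the article) of how an MCP tool handler can defend against the two problems named above: it validates a repository name against a strict allowlist, canonicalizes the resulting path and confirms it stays under the repository root, and builds the git command as an argument list rather than a shell string. The root directory, the regex and the function names are assumptions of this example.

```python
import re
import subprocess
from pathlib import Path

# Assumed base directory for all repositories the tool is allowed to touch.
REPO_ROOT = Path("/srv/repos")

# Allowlist: first character alphanumeric (so a name can never start with "-"
# and be parsed as a git option), then a bounded set of safe characters.
# Path separators, whitespace and shell metacharacters are all rejected.
_REPO_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def is_valid_repo_name(name: str) -> bool:
    """True only if `name` matches the allowlist (no '/', ';', '$(', '..' tricks)."""
    return bool(_REPO_NAME.fullmatch(name))


def resolve_repo_path(name: str, root: Path = REPO_ROOT) -> Path:
    """Map a validated name to a canonical path that must sit directly under `root`.

    resolve() collapses '..' and follows symlinks, so a repository directory that
    was symlinked outside the root is caught by the containment check as well.
    """
    if not is_valid_repo_name(name):
        raise ValueError(f"invalid repository name: {name!r}")
    root_resolved = root.resolve()
    candidate = (root / name).resolve()
    if candidate.parent != root_resolved:
        raise ValueError(f"repository path escapes root: {candidate}")
    return candidate


def git_log_args(name: str, root: Path = REPO_ROOT) -> list[str]:
    """Build the git invocation as an argv list; nothing here is interpreted by a shell."""
    path = resolve_repo_path(name, root)
    return ["git", "-C", str(path), "log", "--oneline", "-n", "5"]


def run_git_log(name: str, root: Path = REPO_ROOT) -> str:
    # shell=False (the default) means a repository name can never inject commands;
    # validation above means it can never inject git options or traverse paths.
    result = subprocess.run(git_log_args(name, root), capture_output=True,
                            text=True, check=True, timeout=10)
    return result.stdout
```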
The article emphasizes the educational aspect of these labs. It explains not only how to exploit the vulnerabilities but also why they exist and how the proposed mitigations work. For anyone new to MCP, a setup guide is available to assist in connecting to the challenge servers. The article also invites contributions, outlining the steps required to add new challenges, ensuring that the resource can grow and adapt as new vulnerabilities are discovered.