CVE-2026-3958 | Woahai321 ListSync up to 0.6.6 JSON api_server.py requests.post server-side request forgery (Issue 79)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability identified as critical has been detected in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-3958. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3958 | Woahai321 ListSync up to 0.6.6 JSON api_server.py requests.post server-side request forgery (Issue 79)

Post correlati

CVE-2024-7262 | Kingsoft WPS Office up to 12.2.0.13489 on Windows Hyperlink promecefpluginhost.exe path traversal

CVE-2024-23848 | Linux Kernel up to 6.7.1 cec-adap.c cec_queue_msg_fh use after free

CVE-2025-11911 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFault.do?Action=Query sortField sql injection

CVE-2023-51530 | GS Plugins Logo Slider Plugin up to 3.5.1 on WordPress cross-site request forgery