CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

list-sync 代码问题漏洞

List-Sync is a tool developed by WoahAI personal developers, used for automatically syncing media servers with viewing lists. Versions of List-Sync 0.6.6 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations in the requests.post function of the component’s JS...