2 matches found
CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...
PT-2022-11312 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier; GeoServer versions 2.19.x through 2.19.2
Description: The issue allows for Server-Side Request Forgery (SSRF) via the option for setting a proxy host. This means an attacker could potentially force the serv...