Blind POST SSRF in phpBB 4.0.0-alpha1 Web Push (CVD with phpBB)
A registered phpBB 4.0.0-alpha1 user could point Web Push at any URL; the server fetched it. Coordinated disclosure; fixed in phpBB 4.0.0-a2.
A two-byte gRPC request crashed AWS’s Kubernetes KMS plugin. Coordinated disclosure with AWS VDP; fix merged as aws-encryption-provider#169.