Author: Cyberthreat Blog

Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a “CPI code injection vulnerability.”

The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges...

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.

public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.