3 matches found
@hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass
Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe bucket shape. Patched in 1.3.2: the validator now correlates evidence to the expected component/resource relationship and includes regressio...
PT-2025-48201
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and below
Description: An Integer Overflow issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The flaw resides in the parsing of ASN.1 structures containing OIDs with oversiz...
WordPress WP Sort Order Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software: WP Sort Order
Type: Plugin
Vulnerable versions: <= 1.3.1
Fixed in: 1.3.2
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-31294
Patch priority: Low
CVSS severity: Low 4.3
PSID: fa1bc46c4a98
Credits: CatFather
Required privilege...