2 matches found
PT-2026-48476
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...
PT-2025-31940 · Thinkphp3 · Thinkphp3
Name of the Vulnerable Software and Affected Versions: thinkphp3 version 3.2.5 Description: An issue in thinkphp3 allows a remote attacker to execute arbitrary code via the index.php component. This can be achieved through crafted template inclusion, requiring no login. Recommendations: Block...