Tag
medium
advisory
@hulumi/policies Evidence Bypass Vulnerability
2 rules@hulumi/policies versions before 1.3.2 allowed unrelated compliant-looking evidence to suppress violations for different zones, hostnames, origins, or repositories in the same stack, bypassing Cloudflare and deployment-governance guardrails.
@hulumi/policies
dependency-confusion
security-bypass
cloud
2r
high
advisory
APM CLI Symlink Vulnerability Leads to File Content Disclosure (CVE-2026-45539)
2 rules 1 TTP 1 CVEA vulnerability in the `apm-cli` tool allows a malicious APM package to include symlinks that, when installed, can lead to file-content disclosure, by dereferencing symlinks under `.apm/prompts/` and `.apm/agents/` during `apm install`, and copying host-local file contents into the project tree.
apm
symlink
file-disclosure
apm-cli
dependency-confusion
2r
1t
1c