PT-2026-42694

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

The HTTP request was forbidden with client authentication scheme

Veeam Data Cloud for Microsoft 365 Configuration Check Notice On 2026-05-22, an update to the Veeam Data Cloud for Microsoft 365 services introduced a configuration check to proactively detect configuration issues that may cause the issue described in this article's Challenge section. The Cause a...

CVE-2017-1500

A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

DzSoft PHP Editor 4.2.7 File Enumeration

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product: ========================= DzSoft PHP Editor v4.2.7 DzSoft PHP...