CVE-2026-25386

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

CVE-2026-25386

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

CVE-2026-25386

The CVE-2026-25386 entry concerns the WordPress Ally plugin (pojo-accessibility) with Missing Authorization/Broken Access Control in versions up to and including 4.0.2. Connected sources (Wordfence/intelligence report and CVE tracking) confirm the affected software and the underlying issue—improp...

CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

CVE-2026-25386

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

PT-2026-20720

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

EUVD-2024-33547

Malicious code in bioql PyPI...

org.apache.inlong:manager-client (>=1.3.0 <=2.0.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.0.0) +2 more potentially affected by CVE-2025-27531 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.0.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.0.0 Source cves: CVE-2025-27531 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10350439...

org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: OSV:GHSA-98V7-XXXV-HCRH...

org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: OSV:GHSA-532X-J9R7-8F73...

org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255360...

org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255363...

Improper Handling of Invalid Use of Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into JDBC URL and potentially access or modify data without proper authorisation...

org.apache.inlong:manager-client (>=1.7.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.7.0 <=2.1.0) +2 more potentially affected by CVE-2024-26579 +1 more via org.apache.inlong:manager-pojo (>=1.7.0 <=2.1.0)

org.apache.inlong:manager-pojo MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =2.0.0, =2.1.0 Source cves: CVE-2024-26579, CVE-2025-27522 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255181...

CVE-2023-6016

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature...

CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10909

The Pojo Forms WordPress plugin (pojo-forms) contains a vulnerability affecting versions up to 1.4.7 where an authenticated user with Subscriber+ can trigger arbitrary shortcode execution via the form_preview_shortcode AJAX action. The issue stems from insufficient validation before running do_sh...

CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress plugin The Pojo Forms 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exists ...