37 matches found
CVE-2026-25386
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
CVE-2026-25386
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
CVE-2026-25386
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
CVE-2026-25386
The CVE-2026-25386 entry concerns the WordPress Ally plugin (pojo-accessibility) with Missing Authorization/Broken Access Control in versions up to and including 4.0.2. Connected sources (Wordfence/intelligence report and CVE tracking) confirm the affected software and the underlying issue—improp...
CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
PT-2026-20720
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...
EUVD-2024-33547
Malicious code in bioql PyPI...
org.apache.inlong:manager-client (>=1.3.0 <=2.0.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.0.0) +2 more potentially affected by CVE-2025-27531 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.0.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.0.0 Source cves: CVE-2025-27531 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10350439...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: OSV:GHSA-532X-J9R7-8F73...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: OSV:GHSA-98V7-XXXV-HCRH...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255360...
Improper Handling of Invalid Use of Special Elements
Overview Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into JDBC URL and potentially access or modify data without proper authorisation...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255363...
org.apache.inlong:manager-client (>=1.7.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.7.0 <=2.1.0) +2 more potentially affected by CVE-2024-26579 +1 more via org.apache.inlong:manager-pojo (>=1.7.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =2.0.0, =2.1.0 Source cves: CVE-2024-26579, CVE-2025-27522 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255181...
CVE-2023-6016
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature...
CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10909
The Pojo Forms WordPress plugin (pojo-forms) contains a vulnerability affecting versions up to 1.4.7 where an authenticated user with Subscriber+ can trigger arbitrary shortcode execution via the form_preview_shortcode AJAX action. The issue stems from insufficient validation before running do_sh...
PT-2024-16635 · WordPress · Pojo Forms
Name of the Vulnerable Software and Affected Versions: Pojo Forms plugin for WordPress versions 1.4.7 and earlier Description: The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form preview shortcode AJAX action. This is due to the software allowing users ...