#sqlinjection — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sqlinjection, aggregated by home.social.
-
CISA Mandates Patching of Exploited Drupal Vulnerability
The US Cybersecurity and Infrastructure Security Agency has issued a directive requiring federal agencies to patch a critical Drupal vulnerability, known as CVE-2026-9082, by May 27 to prevent devastating SQL injection attacks. This highly critical flaw allows hackers to exploit PostgreSQL-powered Drupal sites and gain unauthorized access to…
#DrupalVulnerability #Cve20269082 #SqlInjection #PatchManagement #Cisa
-
Drupal Sites Targeted in SQL Injection Attacks
Drupal sites are under attack as SQL injection exploits are now being detected in the wild, taking advantage of a vulnerability that can be triggered without authentication. This critical flaw, CVE-2026-9082, allows attackers to execute arbitrary SQL and potentially run remote code, putting sites that use PostgreSQL at risk.
#SqlInjection #Drupal #Cve20269082 #EmergingThreats #ArbitraryCodeExecution
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
🚨 Drupal sites using PostgreSQL face a highly critical SQL injection vuln (CVE-2026-9082), risking RCE & data exposure. Patch versions 11.3, 11.2, 10.6, 10.5.x ASAP. Update Symfony & Twig too. No active exploitation yet. https://radar.offseq.com/threat/drupal-patches-highly-critical-vulnerability-expos-a1486e66 #OffSeq #Drupal #SQLInjection #Infosec
-
Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks
A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.
#SqlInjection #RemoteCodeExecution #Postgresql #Drupal #Cve20269082
-
Patch immediately before public exploits emerge.
https://www.drupal.org/sa-core-2026-004
Affected:
- 8.9.0 , < 10.4.10
- 10.5.0 , < 10.5.10
- 10.6.0 , < 10.6.9
- 11.0.0 , < 11.1.10
- 11.2.0 , < 11.2.12
- 11.3.0 , < 11.3.10
CVE-2026-9082 - Highly critical - SQL Injection
CVE-2026-8495 - Missing Authorization
CVE-2026-8493 - XSS
CVE-2026-8492
CVE-2026-8491
#Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS
-
#Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Only affects Drupal sites that use PostgreSQL (5% of sites estimated by the security team)
-
🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! https://radar.offseq.com/threat/cve-2026-9065-cwe-89-improper-neutralization-of-sp-8901e797 #OffSeq #SQLInjection #WordPress
-
#PostgreSQL: Updates plug high-risk security holes | Security https://www.heise.de/news/PostgreSQL-Updates-stopfen-hochriskante-Sicherheitslecks-11297485.html #SQL #Patchday #SQLinjection
-
MEDIUM severity: CVE-2026-8724 in Dataease 2.10.20 allows SQL injection via SqlparserUtils.transFilter. Exploit requires high-priv user. No patch yet — restrict access & monitor for suspicious queries. More: https://radar.offseq.com/threat/cve-2026-8724-sql-injection-in-dataease-6c315564 #OffSeq #SQLInjection #InfoSec
-
🚨 CRITICAL: CVE-2026-46364 in phpMyFAQ <4.1.2 allows unauthenticated SQL injection via /api/captcha. Attackers can exfiltrate user creds, admin tokens, and SMTP info. Restrict endpoint & use WAF until patch is confirmed. https://radar.offseq.com/threat/cve-2026-46364-improper-neutralization-of-special--9adafcbf #OffSeq #SQLInjection #Infosec
-
Avada Builder Flaws Expose WordPress Sites to Credential Theft
A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.
#Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection
-
#SAP-#Patchday: Critical security vulnerabilities allow unauthorized login | Security https://www.heise.de/news/SAP-Patchday-Kritische-Sicherheitsluecken-erlauben-unbefugte-Anmeldung-11291173.html #SQLinjection
-
🚨 CRITICAL: SQL injection (CVE-2026-34260, CVSS 9.6) in SAP S/4HANA (SAP_BASIS 751-816). Authenticated attackers can access sensitive data & crash apps. No patch yet — restrict access & monitor logs. https://radar.offseq.com/threat/cve-2026-34260-cwe-89-improper-neutralization-of-s-4864cd58 #OffSeq #SAP #Infosec #SQLInjection