#sqlinjection — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sqlinjection, aggregated by home.social.

  1. CISA Mandates Patching of Exploited Drupal Vulnerability

    The US Cybersecurity and Infrastructure Security Agency has issued a directive requiring federal agencies to patch a critical Drupal vulnerability, known as CVE-2026-9082, by May 27 to prevent devastating SQL injection attacks. This highly critical flaw allows hackers to exploit PostgreSQL-powered Drupal sites and gain unauthorized access to…

    osintsights.com/cisa-mandates-

    #DrupalVulnerability #Cve20269082 #SqlInjection #PatchManagement #Cisa

  2. Drupal Sites Targeted in SQL Injection Attacks

    Drupal sites are under attack as SQL injection exploits are now being detected in the wild, taking advantage of a vulnerability that can be triggered without authentication. This critical flaw, CVE-2026-9082, allows attackers to execute arbitrary SQL and potentially run remote code, putting sites that use PostgreSQL at risk.

    osintsights.com/drupal-sites-t

    #SqlInjection #Drupal #Cve20269082 #EmergingThreats #ArbitraryCodeExecution

  7. STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #Infosec

  11. 🚨 Drupal sites using PostgreSQL face a highly critical SQL injection vuln (CVE-2026-9082), risking RCE & data exposure. Patch versions 11.3, 11.2, 10.6, 10.5.x ASAP. Update Symfony & Twig too. No active exploitation yet. radar.offseq.com/threat/drupal #OffSeq #Drupal #SQLInjection #Infosec

  15. Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks

    A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.

    osintsights.com/drupal-flaw-ex

    #SqlInjection #RemoteCodeExecution #Postgresql #Drupal #Cve20269082

  16. Patch immediately before public exploits emerge.

    drupal.org/sa-core-2026-004

    Affected:

    - 8.9.0 , < 10.4.10
    - 10.5.0 , < 10.5.10
    - 10.6.0 , < 10.6.9
    - 11.0.0 , < 11.1.10
    - 11.2.0 , < 11.2.12
    - 11.3.0 , < 11.3.10

    CVE-2026-9082 - Highly critical - SQL Injection
    CVE-2026-8495 - Missing Authorization
    CVE-2026-8493 - XSS
    CVE-2026-8492
    CVE-2026-8491

    #Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

  20. #Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

    Only affects Drupal sites that use PostgreSQL (5% of sites estimated by the security team)

    drupal.org/sa-core-2026-004

    #security #SQLinjection

  25. 🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #WordPress

  29. MEDIUM severity: CVE-2026-8724 in Dataease 2.10.20 allows SQL injection via SqlparserUtils.transFilter. Exploit requires high-priv user. No patch yet — restrict access & monitor for suspicious queries. More: radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #InfoSec

  33. 🚨 CRITICAL: CVE-2026-46364 in phpMyFAQ <4.1.2 allows unauthenticated SQL injection via /api/captcha. Attackers can exfiltrate user creds, admin tokens, and SMTP info. Restrict endpoint & use WAF until patch is confirmed. radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Infosec

  38. Avada Builder Flaws Expose WordPress Sites to Credential Theft

    A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

    osintsights.com/avada-builder-

    #Wordpress #AvadaBuilder #CredentialTheft #ArbitraryFileRead #SqlInjection

  40. 🚨 CRITICAL: SQL injection (CVE-2026-34260, CVSS 9.6) in SAP S/4HANA (SAP_BASIS 751-816). Authenticated attackers can access sensitive data & crash apps. No patch yet — restrict access & monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #SAP #Infosec #SQLInjection
