The New OilApr 30

Hackers are exploiting a critical #LiteLLM pre-auth #SQLi flaw

https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/

#cybersecurity

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability  tracked as CVE-2026-42208.

BleepingComputer
OffSequenceApr 26
MEDIUM severity: CVE-2026-7028 impacts CodeAstro Online Job Portal 1.0. SQL injection possible via /admin/jobs-admins/delete-jobs.php (ID param). Exploit is public — monitor for attacks and restrict access! https://radar.offseq.com/threat/cve-2026-7028-sql-injection-in-codeastro-online-jo-7d79de51 #OffSeq #SQLi #Vulnerability #InfoSec
OffSequenceApr 22
🚨 CRITICAL: CyferShepard Jellystat <1.1.10 vulnerable to SQL injection (CVE-2026-41167). Auth’d users can read any DB table & execute commands on the PostgreSQL host. Upgrade to 1.1.10 ASAP! https://radar.offseq.com/threat/cve-2026-41167-cwe-89-improper-neutralization-of-s-51b08aed #OffSeq #Jellystat #SQLi #Infosec
OffSequenceApr 17
🚨 CRITICAL SQL injection (CVE-2026-37749) in CodeAstro Simple Attendance Management System v1.0: Remote unauthenticated attackers can bypass authentication via index.php. Restrict access & deploy WAFs until a patch arrives. https://radar.offseq.com/threat/cve-2026-37749-na-c4c6e5dc #OffSeq #SQLi #Infosec
OffSequenceApr 14
🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet — restrict access & monitor DB activity. https://radar.offseq.com/threat/cve-2026-27681-cwe-89-improper-neutralization-of-s-a7704991 #OffSeq #SAP #Vuln #SQLi
Chema Alonso Apr 9
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas"

Blog personal de Chema Alonso ( https://MyPublicInbox.com/ChemaAlonso ): Ciberseguridad, IA, Innovación, Tecnología, Cómics & Cosas Personasles.

OffSequenceMar 29
⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. https://radar.offseq.com/threat/cve-2026-5019-sql-injection-in-code-projects-simpl-bb8230db #OffSeq #SQLi #Vuln
OffSequenceMar 23
⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
OffSequenceMar 19
🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27413-cwe-89-improper-neutralization-of-s-2b17e884 #OffSeq #WordPress #SQLi #Infosec
DaveMar 18

Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.

https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh

#webappsec #cve #sqli

Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

0dave