⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27413-cwe-89-improper-neutralization-of-s-2b17e884 #OffSeq #WordPress #SQLi #Infosec
Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

0dave
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.

BleepingComputer
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! https://radar.offseq.com/threat/cve-2026-2247-cwe-89-improper-neutralization-of-sp-b8f5f03e #OffSeq #SQLi #InfoSec #EduSec

New Tool Alert

pirebok - a guided adversarial fuzzer with evolutionary search

Give it a payload. It mutates it until it bypasses the WAF.

No wordlists. No manual tuning. 9 mutation strategies. Evolutionary search breeds payloads until they slip past classifiers.

pirebok -f GuidedRandomSqlFuzzer -p "admin' OR 1=1#"
> aDm1n'/**/oR/**/0x1=1#

pip install pirebok
github.com/HappyHackingSpace/pirebok

#infosec #waf #sqli #fuzzing #pentesting #python #opensource #HappyHackingSpace #Diyarbakir
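To make the idea behind guided fuzzing concrete, here is an added example (not pirebok's own code; its nine strategies and search loop are not shown on this page): a toy signature-based classifier stands in for the WAF, three illustrative mutation strategies are assumed (random case, inline comment in place of whitespace, tautology rewrite), and the fitness of a candidate is the number of signatures it still trips. The search keeps the least-detected candidates, breeds mutants from them, and stops at the first payload the classifier passes.

```python
import random
import re

# Constructed toy WAF for this example: three signature rules standing in for
# the classifier a guided fuzzer tries to slip past. Not any vendor's rule set.
SIGNATURES = [
    re.compile(r"'\s+or\s+", re.IGNORECASE),            # quote, whitespace, OR
    re.compile(r"\bor\s+1\s*=\s*1\b", re.IGNORECASE),   # OR 1=1 tautology
    re.compile(r"\bunion\s+select\b", re.IGNORECASE),   # union-based probe
]


def waf_hits(payload: str) -> int:
    """Fitness score: how many signatures still fire. 0 means the WAF passes it."""
    return sum(1 for sig in SIGNATURES if sig.search(payload))


def waf_blocks(payload: str) -> bool:
    return waf_hits(payload) > 0


# Mutation strategies (an illustrative subset chosen for this example).
def mut_case(p: str, rng: random.Random) -> str:
    """Randomise letter case; only helps against case-sensitive rules."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in p)


def mut_comment_space(p: str, rng: random.Random) -> str:
    """Swap one whitespace run for an inline comment, which MySQL parses as a separator."""
    runs = list(re.finditer(r"\s+", p))
    if not runs:
        return p
    m = rng.choice(runs)
    return p[:m.start()] + "/**/" + p[m.end():]


def mut_tautology(p: str, rng: random.Random) -> str:
    """Rewrite the literal 1=1 into an equivalent always-true expression."""
    if "1=1" not in p:
        return p
    return p.replace("1=1", rng.choice(["2>1", "1<2", "'a'='a'"]), 1)


STRATEGIES = [mut_case, mut_comment_space, mut_tautology]


def evolve(seed_payload: str, seed: int = 0, population: int = 8, generations: int = 50):
    """Evolutionary search: keep the least-detected half of the population,
    breed mutants from it, and stop at the first candidate the WAF no longer flags.
    Returns (best_payload, bypassed)."""
    rng = random.Random(seed)
    pop = [seed_payload]
    for _ in range(generations):
        pop.sort(key=waf_hits)
        if waf_hits(pop[0]) == 0:
            return pop[0], True
        parents = pop[: max(1, population // 2)]
        children = [rng.choice(STRATEGIES)(rng.choice(parents), rng) for _ in range(population)]
        pop = parents + children
    pop.sort(key=waf_hits)
    return pop[0], waf_hits(pop[0]) == 0


def normalize(p: str) -> str:
    """Undo the cosmetic mutations so a reviewer can check the SQL intent survived."""
    return re.sub(r"/\*.*?\*/", " ", p).lower()


if __name__ == "__main__":
    start = "admin' OR 1=1#"
    winner, ok = evolve(start, seed=1)
    print(f"{start!r} blocked={waf_blocks(start)}")
    print(f"{winner!r} blocked={waf_blocks(winner)} bypass={ok}")
    print("normalised:", normalize(winner))
```

The fitness function is what makes the search guided rather than random: a mutant that trips two rules loses to one that trips one, so the population drifts toward the blind spot (here, the `\s+` in the rules) instead of wandering the whole mutation space. Note what the toy leaves out: nothing checks that the winning payload still does what the seed did. The case mutation rewrites the literal `admin` as freely as the keywords, which is harmless for a tautology login bypass but would break a payload whose string literals matter, so a real fuzzer needs a semantic check (re-execution, or at least a normaliser like the one above) alongside the WAF oracle.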

Why

do we still

have SQL injection vulnerabilities?

I mean, come on man.

https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

#fortinet #sqli

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.

The Hacker News

📰 Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection

Critical vulnerabilities found in the Django web framework could lead to Denial-of-Service and SQL Injection attacks. All users are urged to patch their instances immediately. ⚠️ #Django #Vulnerability #PatchNow #SQLi

🔗 https://cyber.netsecops.io/articles/critical-django-vulnerabilities-enable-dos-and-sql-injection/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection

The Django web framework has released security updates to address critical vulnerabilities that could enable Denial-of-Service (DoS) and SQL injection attacks.

CyberNetSec.io