🚨 Drupal sites using PostgreSQL face a highly critical SQL injection vuln (CVE-2026-9082), risking RCE & data exposure. Patch versions 11.3, 11.2, 10.6, 10.5.x ASAP. Update Symfony & Twig too. No active exploitation yet. https://radar.offseq.com/threat/drupal-patches-highly-critical-vulnerability-expos-a1486e66 #OffSeq #Drupal #SQLInjection #Infosec

Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks

A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.

https://osintsights.com/drupal-flaw-exposes-postgresql-sites-to-remote-code-execution-attacks?utm_source=mastodon&utm_medium=social

#SqlInjection #RemoteCodeExecution #Postgresql #Drupal #Cve20269082

Protect your PostgreSQL sites from remote code execution attacks by learning about CVE-2026-9082, a highly critical Drupal flaw, and take action to update now.

OSINTSights

Patch immediately before public exploits emerge.

https://www.drupal.org/sa-core-2026-004

Affected:

- 8.9.0, < 10.4.10
- 10.5.0, < 10.5.10
- 10.6.0, < 10.6.9
- 11.0.0, < 11.1.10
- 11.2.0, < 11.2.12
- 11.3.0, < 11.3.10

CVE-2026-9082 - Highly critical - SQL Injection
CVE-2026-8495 - Missing Authorization
CVE-2026-8493 - XSS
CVE-2026-8492
CVE-2026-8491

#Drupal #PHP #CyberSecurity #Infosec #CVE #WebSecurity #PostgreSQL #SqlInjection #PrivilegeEscalation #XSS

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege

Drupal.org

#Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Only affects Drupal sites that use PostgreSQL (5% of sites estimated by the security team)

https://www.drupal.org/sa-core-2026-004

#security #SQLinjection

🚨 CRITICAL: CVE-2026-9065 in brainstormforce SureCart <4.2.1 allows authenticated SQL injection via REST API ('/surecart/v1/integrations/{id}'). Exploit bypasses escaping with a dot in payloads — full DB extraction possible. Patch now! https://radar.offseq.com/threat/cve-2026-9065-cwe-89-improper-neutralization-of-sp-8901e797 #OffSeq #SQLInjection #WordPress

🚨 CVE-2025-12465: Blind SQL Injection in the QuickCMS system

The vulnerability CVE-2025-12465 has been found in version 6.8 of the popular QuickCMS CMS. It allows Blind SQL Injection attacks, and the vendor has not provided a patch.

https://cyberowi.pl/cve-2025-12465-blind-sql-injection-w-systemie-quickcms/

#cve #quickcms #sqlinjection #certpolska

#cyberbezpieczenstwo

PostgreSQL: Updates plug high-risk security holes

With new PostgreSQL releases, the developers are closing several security vulnerabilities at once. Some of them are high-risk.

heise online

CVE-2026-4798: Avada Builder exposes 1 million sites

CVE-2026-4798 exposes 1 million WordPress sites to credential theft via Avada Builder. Did your site ever use WooCommerce? Check now and act...

https://seguridadenwordpress.com/cve-2026-4798-avada-builder-sql-injection-wordpress/

#cve20264798 #avadabuilder #sqlinjection #wordfence #wordpressvulnerabilidades

CVE-2026-4798: Avada Builder exposes 1 million sites - Seguridad en Wordpress

CVE-2026-4798 is an unauthenticated SQL injection in Avada Builder that affects versions up to 3.15.1. If WooCommerce was ever active, your site is at risk.

Seguridad en Wordpress

🚨 SQL Injection in Simple.ERP (CVE-2026-1198): Alert for Polish companies

A SQL Injection vulnerability has been found in a popular Polish ERP system. The issue affects all versions of Simple.ERP below [email protected]_u06 and requires an immediate update.

https://cyberowi.pl/sql-injection-w-simple-erp-cve-2026-1198-alert-dla-polskich/

#cve #sqlinjection #simpleerp #erp

#cyberbezpieczenstwo

MEDIUM severity: CVE-2026-8724 in Dataease 2.10.20 allows SQL injection via SqlparserUtils.transFilter. Exploit requires high-priv user. No patch yet — restrict access & monitor for suspicious queries. More: https://radar.offseq.com/threat/cve-2026-8724-sql-injection-in-dataease-6c315564 #OffSeq #SQLInjection #InfoSec