Skip to content
The Nexus
DossierENTITY

SQL injection

Coverage of SQL injection in the Nexus archive.

Earliest in view: Apr 28 · 21:07 UTCMost recent: Jun 22 · 11:00 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 22 · 11:00 UTCTHE VERGE
    Read this before you vibe-code another app

    Bob Starr created a website called 'Boomberg' to display how much US tax money is allocated to tech companies, but months after launching it, he discovered a hidden SQL injection vulnerability that could have allowed attackers to access or modify sensitive data. Starr, a project manager in the tech sector, acknowledged the oversight as a learning blind spot and warned others might make similar mistakes.

  • SECURITYJun 12 · 09:50 UTCTHE HACKER NEWS
    LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

    Cybersecurity researchers disclosed three patched security flaws in LangGraph, an open-source framework by LangChain for building AI agents, including a critical vulnerability chain that could lead to remote code execution.

  • SECURITYMay 24 · 14:12 UTCBLEEPING COMPUTER
    Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

    A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code, enabling ClickFix attack flows. The flaw allows attackers to execute arbitrary SQL commands and compromise affected websites.

  • SECURITYMay 23 · 07:23 UTCTHE HACKER NEWS
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

    CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.

  • SECURITYApr 29 · 05:34 UTCTHE HACKER NEWS
    LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

    A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of disclosure. The flaw, with a CVSS score of 9.3, allows attackers to modify underlying data through SQL injection attacks.

  • SECURITYApr 28 · 21:07 UTCBLEEPING COMPUTER
    Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

    Hackers are exploiting a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) in the LiteLLM open-source LLM gateway to access sensitive information. The flaw allows attackers to bypass authentication and manipulate database queries, risking data exposure.

SQL injection · Dossier · The Nexus