Skip to content
The Nexus
DossierENTITY

SQL injection vulnerability

Coverage of SQL injection vulnerability in the Nexus archive.

Earliest in view: Apr 15 · 12:37 UTCMost recent: May 26 · 08:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 26 · 08:46 UTCBLEEPING COMPUTER
    CISA orders feds to patch actively exploited Drupal vulnerability

    CISA has directed U.S. federal agencies to patch an SQL injection vulnerability in the Drupal CMS by Wednesday evening, as it is currently being actively exploited. The order emphasizes urgent action to secure government servers against potential attacks.

  • SECURITYMay 25 · 12:02 UTCTHE HACKER NEWS
    Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

    Threat actors are exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript into over 700 websites for ClickFix attacks. QiAnXin XLab reported the exploit, which leverages an unauthenticated API flaw with a CVSS score of 9.4 to exfiltrate data and deploy malware.

  • SECURITYMay 22 · 13:14 UTCBLEEPING COMPUTER
    Drupal: Critical SQL injection flaw now targeted in attacks

    Drupal has issued a critical warning about a severe SQL injection vulnerability that is now being actively exploited by hackers. The flaw was announced earlier this week and poses significant security risks to systems running the platform.

  • SECURITYApr 15 · 12:37 UTCTHE HACKER NEWS
    April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

    April's Patch Tuesday addresses critical vulnerabilities in products from Adobe, Fortinet, Microsoft, and SAP. A high-severity SQL injection flaw (CVE-2026-27681) in SAP's Business Planning and Consolidation and Business Warehouse systems could allow arbitrary database execution.

SQL injection vulnerability · Dossier · The Nexus