SQL injection vulnerability
Coverage of SQL injection vulnerability in the Nexus archive.
- CISA orders feds to patch actively exploited Drupal vulnerability
CISA has directed U.S. federal agencies to patch an SQL injection vulnerability in the Drupal CMS by Wednesday evening, as it is currently being actively exploited. The order emphasizes urgent action to secure government servers against potential attacks.
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript into over 700 websites for ClickFix attacks. QiAnXin XLab reported the exploit, which leverages an unauthenticated API flaw with a CVSS score of 9.4 to exfiltrate data and deploy malware.
- Drupal: Critical SQL injection flaw now targeted in attacks
Drupal has issued a critical warning about a severe SQL injection vulnerability that is now being actively exploited by hackers. The flaw was announced earlier this week and poses significant security risks to systems running the platform.
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
April's Patch Tuesday addresses critical vulnerabilities in products from Adobe, Fortinet, Microsoft, and SAP. A high-severity SQL injection flaw (CVE-2026-27681) in SAP's Business Planning and Consolidation and Business Warehouse systems could allow arbitrary database execution.