#SQLInjection
CVE-2026-5035: SQL Injection in code-projects Accounting System A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possibl

SQL Injection in code-projects Accounting System 1.0 (MEDIUM, CVE-2026-5035) via /view_work.php. Public exploit exists — check your deployments and limit exposure. radar.offseq.com/threat/cve-2026-5035-sql... #OffSeq #SQLInjection

CVE-2026-5033: SQL Injection in code-projects Accounting System A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id resul

MEDIUM severity: code-projects Accounting System 1.0 faces public SQL injection exploit in /view_costumer.php (cos_id). Monitor for threats & prepare to patch. Details: radar.offseq.com/threat/cve-2026-5033-sql... #OffSeq #SQLInjection #CyberAlert

CVE-2026-5019: SQL Injection in code-projects Simple Food Order System A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argu

SQL injection in code-projects Simple Food Order System 1.0 (MEDIUM). Public exploit out — restrict access and monitor for suspicious DB activity. Details: radar.offseq.com/threat/cve-2026-5019-sql... #OffSeq #SQLInjection #Vulnerability

CVE-2026-33991: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-33991 is an SQL Injection vulnerability identified in the WeGIA web management system developed by LabRedesCefetRJ, specifically affecting versions prior to 3.6.7. The vulnerability is located in the file `html/socio/sistema/deleta

WeGIA < 3.6.7 hit by HIGH severity SQL Injection (CVE-2026-33991). Charitable orgs: upgrade to 3.6.7 or secure deletar_tag.php now to protect sensitive data. radar.offseq.com/threat/cve-2026-33991-cw... #OffSeq #SQLInjection #Cybersecurity


Learn how a simple SQL vulnerability can bypass 2FA, exposing systems to unauthorized access and serious security risks.

#CyberSecurity #SQLInjection #2FA #DataSecurity #Infosec #Podcast

music.amazon.com/podcasts/e9e...

CVE-2026-2580: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2580 is a critical SQL Injection vulnerability identified in the flippercode WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress, affecting all versions up to 4.9.1. The vu

WP Maps plugin (all versions) hit by HIGH severity SQL Injection (CVE-2026-2580). Sites risk data leaks via 'orderby' param. Update or disable plugin now! radar.offseq.com/threat/cve-2026-2580-cwe... #OffSeq #WordPress #SQLInjection

CVE-2026-4540: SQL Injection in projectworlds Online Notes Sharing System CVE-2026-4540 identifies a SQL Injection vulnerability in the projectworlds Online Notes Sharing System version 1.0. The vulnerability resides in the /login.php script, specifically in the Parameters Handler component that processes the 'Be

SQL Injection alert (MEDIUM): projectworlds Online Notes Sharing System v1.0 vulnerable via /login.php 'Benutzer' parameter. Public exploit code out — patch or mitigate ASAP. Details: radar.offseq.com/threat/cve-2026-4540-sql... #OffSeq #SQLInjection...

CVE-2026-32767: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-32767 is a critical SQL injection vulnerability affecting SiYuan, a personal knowledge management system, in versions prior to 3.6.1. The vulnerability resides in the /api/search/fullTextSearchBlock endpoint, specifically when the

SiYuan <3.6.1 hit by CRITICAL SQL injection (CVE-2026-32767): low-priv users can run any SQL via /api/search/fullTextSearchBlock. Upgrade to 3.6.1+ ASAP! radar.offseq.com/threat/cve-2026-32767-cw... #OffSeq #SiYuan #SQLInjection


Critical vulnerability CVE-2026-21643 in FortiClient EMS allows unauthenticated remote code execution. Immediate upgrade to version 7.4.5 recommended. #CyberSecurity #Fortinet #SQLInjection Link: thedailytechfeed.com/critical-for...

CVE-2026-27413: CWE-89 Improper Neutralization of Special Elements used in an SQ CVE-2026-27413 is a critical security vulnerability classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), commonly known as SQL Injection. It affects Cozmoslabs Profile Builder Pro, a popular WordPres

🚨 CRITICAL SQL Injection in Profile Builder Pro (≤3.13.9) allows remote data theft — no auth needed. No patch yet — immediately restrict access & monitor logs. Details: radar.offseq.com/threat/cve-2026-27413-cw... #OffSeq #WordPress #SQLInjection

CVE-2026-32698: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-32698 is a critical SQL injection vulnerability identified in OpenProject, a widely used open-source web-based project management tool. The vulnerability exists in versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1. It stems from

CRITICAL: OpenProject SQL injection (CVE-2026-32698, CVSS 9.1) lets admins trigger RCE via chained bugs. Upgrade to 16.6.9/17.0.6/17.1.3/17.2.1+ now! 🛡️ radar.offseq.com/threat/cve-2026-32698-cw... #OffSeq #SQLInjection #OpenProject

CVE-2026-22730: Vulnerability in VMware Spring AI CVE-2026-22730 is a high-severity SQL injection vulnerability affecting VMware Spring AI versions 1.0.x and 1.1.x. The vulnerability resides in the MariaDBFilterExpressionConverter module, which is responsible for converting filter expressi

🚨 VMware Spring AI 1.0.x/1.1.x hit by HIGH-severity SQL injection (CVE-2026-22730)! Limited-priv attackers can execute arbitrary SQL. Patch when released, tighten input checks now. radar.offseq.com/threat/cve-2026-22730-vu... #OffSeq #VMware #SQLInjection

CVE-2026-28430: CWE-89: Improper Neutralization of Special Elements used in an S Chamilo LMS, a widely used open-source learning management system, suffers from a critical SQL injection vulnerability identified as CVE-2026-28430. This vulnerability exists in versions prior to 1.11.34 and is triggered via the custom_date

Chamilo LMS < 1.11.34 faces CRITICAL SQL injection (CVSS 9.3). Attackers can seize admin access & PII. Patch to 1.11.34 now! radar.offseq.com/threat/cve-2026-28430-cw... #OffSeq #SQLInjection #CyberAlert


A SQL Injection vulnerability in Koha allows SQL queries to be manipulated from the staff interface.

One more example of how poorly validated input can put an entire database at risk.

#CyberSecurity #SQLInjection


Critical SQLi Bug Hits Ally Plugin Sites
Read More: buff.ly/O6ZOGn0

#CVE20262413 #WordPressSecurity #SQLInjection #AllyPlugin #WebAppSecurity #CriticalVulnerability #PatchNow #InfosecAlert

SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.

Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.

Read: hackread.com/sql-injectio...

#CyberSecurity #SQLInjection #Vulnerability


Watching someone trying to perform an SQL injection attack on a form on a personal web page. It's not going to work. Nevertheless, I think I am going to respond to this by adding further protections.

#SQL #Security #SQLInjection


A SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin exposed over 200,000 sites to data extraction via time-based blind SQL attacks. Ally 4.1.0 patch adds sanitization, but 60% remain vulnerable. #WordPress #SQLInjection #USA

CVE-2026-31896: CWE-89: Improper Neutralization of Special Elements used in an S The vulnerability CVE-2026-31896 affects the WeGIA web management system, specifically versions before 3.6.6. The root cause is improper neutralization of special elements in SQL commands (CWE-89), resulting from the use of PHP's extract($_

WeGIA <3.6.6 hit by CRITICAL SQL injection (CVSS 9.8). Remote attackers can access or alter DB data. Upgrade to 3.6.6+ or apply WAF rules now! Full details: radar.offseq.com/threat/cve-2026-31896-cw... #OffSeq #SQLInjection #Cybersecurity

Original post on 23.social

codewall.ai/blog/how-we-hacked-mckin...

"The agent mapped the attack surface and found the API documentation publicly exposed — over 200 endpoints, fully documented. Most required authentication. Twenty-two didn't.

One of those unprotected endpoints wrote user search […]

CVE-2026-30860: CWE-89: Improper Neutralization of Special Elements used in an S Tencent WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a critical SQL injection vulnerability (CVE-2026-30860) in versions prior to 0.2.12. The vulnerability stems from the application's f

CRITICAL: Tencent WeKnora (<0.2.12) has a severe SQLi flaw (CVE-2026-30860) enabling unauth RCE via PostgreSQL queries. Upgrade to 0.2.12 ASAP! radar.offseq.com/threat/cve-2026-30860-cw... #OffSeq #SQLInjection #Security

CVE-2026-28501: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-28501 is a critical SQL Injection vulnerability identified in the open-source video platform WWBN AVideo, specifically affecting versions prior to 24.0. The vulnerability exists in the objects/videos.json.php and objects/video.php

CRITICAL: WWBN AVideo < 24.0 hit by SQL Injection via JSON POST (catName). Unauthenticated exploit risks full DB compromise. Upgrade to v24.0+ or add WAF rules now! radar.offseq.com/threat/cve-2026-28501-cw... #OffSeq #Vuln #SQLInjection

CVE-2026-27743: CWE-89 Improper Neutralization of Special Elements used in an SQ The SPIP referer_spam plugin, widely used for managing spam referrer data in SPIP CMS environments, contains a severe SQL injection vulnerability identified as CVE-2026-27743. This vulnerability affects all versions prior to 1.3.0 and resid

CRITICAL SQL injection (CVE-2026-27743) in SPIP referer_spam <1.3.0 — unauthenticated SQL execution via GET. Update to 1.3.0+ or apply mitigations now. Protect your data! radar.offseq.com/threat/cve-2026-27743-cw... #OffSeq #SQLInjection #SPIP

How a Single SQL Flaw Can Bypass 2FA and Compromise Your Security

2FA isn’t foolproof. 🚨 Learn how SQL injection, weak hashing, and exposed TOTP secrets can bypass two-factor authentication—without touching the victim’s phone. A real-world breakdown of where security fails.

#CyberSecurity #2FA #SQLInjection

open.spotify.com/episode/6h7i...

CVE-2026-26198: CWE-89: Improper Neutralization of Special Elements used in an S Ormar is an asynchronous mini ORM for Python designed to simplify database interactions. Versions 0.9.9 through 0.22.0 contain a critical SQL injection vulnerability (CVE-2026-26198) due to improper neutralization of special elements in SQL

🚨 Critical SQL injection in Ormar (0.9.9 – 0.22.0)! No auth needed — attackers can access any DB data. Upgrade to 0.23.0+ or validate inputs urgently. radar.offseq.com/threat/cve-2026-26198-cw... #OffSeq #Python #SQLInjection

CVE-2026-24494: CWE-89 Improper Neutralization of Special Elements used in an SQ CVE-2026-24494 identifies a critical SQL Injection vulnerability in the Order Up Online Ordering System version 1.0, specifically in the /api/integrations/getintegrations endpoint. The vulnerability arises from improper neutralization of sp

Order Up Online Ordering System v1.0 hit by CRITICAL SQL Injection (CVSS 9.8). Unauthenticated attackers can access or alter backend data. Patch urgently or apply mitigations! radar.offseq.com/threat/cve-2026-24494-cw... #OffSeq #SQLInjection #AppSec

CVE-2026-26980: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-26980 is a critical SQL Injection vulnerability identified in the TryGhost Ghost content management system, specifically affecting versions from 3.24.0 up to but not including 6.19.1. Ghost is a popular Node.js-based CMS used for b

Critical SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauthenticated attackers can read sensitive DB data. Upgrade to 6.19.1 now! radar.offseq.com/threat/cve-2026-26980-cw... #OffSeq #SQLInjection #GhostCMS

CVE-2026-2409: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2409 is a critical SQL Injection vulnerability identified in Delinea Cloud Suite, a privileged access management solution widely used in enterprise environments. The flaw stems from improper neutralization of special elements in SQ

CRITICAL: SQL Injection in Delinea Cloud Suite (<25.2 HF1) lets low-priv users access or modify data remotely. Patch ASAP, validate inputs, monitor for anomalies. 🛡️ radar.offseq.com/threat/cve-2026-2409-cwe... #OffSeq #SQLInjection #CloudSecurity

CVE-2026-2495: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2495 is a SQL Injection vulnerability identified in the WPNakama plugin for WordPress, which facilitates team and multi-client collaboration, editorial, and project management functions. The vulnerability specifically targets the '

HIGH severity SQL Injection found in WPNakama plugin for WordPress (≤0.6.5). REST API flaw allows data exposure. Patch or deploy WAF now to mitigate risk! radar.offseq.com/threat/cve-2026-2495-cwe... #OffSeq #WordPress #SQLInjection


CISA alerts on critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468). Immediate patching required to prevent active exploits. #CyberSecurity #SQLInjection #Microsoft Link: thedailytechfeed.com/critical-sql...
