Cwe-89 - SQL Injection is a cwe tracked across 50 threat clusters and 153 intelligence report mentions on ThreatCluster. First observed April 16, 2026; most recent activity July 16, 2026.
SonicWall has reported two critical vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA1000 Series appliances, which are currently being actively exploited. The first vulnerability, CVE-2026-15409, is…
A critical command injection vulnerability, CVE-2026-42271, in LiteLLM, an open-source AI gateway, allows unauthenticated remote code execution (RCE) when chained with CVE-2026-48710, a Host header validation bypass in…
CVE-2026-52887 is a critical SQL injection vulnerability affecting NocoBase, an AI-powered no-code/low-code platform. The flaw allows unauthenticated remote attackers to execute arbitrary SQL queries via the…
A critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core has been identified, affecting multiple supported versions. The vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute…
A critical unauthenticated SQL injection vulnerability (CVE-2026-49776) has been identified in the GPTranslate plugin for WordPress, affecting versions 2.32.6 and earlier. This flaw allows attackers to execute arbitrary…
A sophisticated cyber campaign has exploited a critical cPanel vulnerability (CVE-2026-41940) to breach government and military servers in Southeast Asia, particularly targeting Indonesia. The attackers utilized a…
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, was disclosed on June 23, 2026. This flaw affects all versions up to 0.7.2 and allows attackers to exploit unsafe…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
A critical SQL injection vulnerability, identified as CVE-2026-37749, has been discovered in CodeAstro Simple Attendance Management System v1.0. This flaw allows remote unauthenticated attackers to bypass authentication…
The Lazarus Group, a North Korea-linked cybercrime organization, has intensified its operations against financial and cryptocurrency sectors using a sophisticated fileless Remote Access Trojan (RAT) called RemotePE.…