CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

CivicRM 4.7b3 SQL Injection

CivicRM extends common CMS platforms WordPress, Drupal with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity. I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download...